Overview

overview

10

Static

static

3

b3cdcbf438...6N.exe

windows7-x64

10

b3cdcbf438...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b3cdcbf438832cd732c88df5442e8238189324a6b2975c896575aa4a01376876N.exe

  • Size

    92KB

  • Sample

    241225-tw3cqsyjdw

  • MD5

    9d764793c8962eca2e1b7f1f7c2a1620

  • SHA1

    094a5ad4c0da24326917a7c2b46ca723276766a0

  • SHA256

    b3cdcbf438832cd732c88df5442e8238189324a6b2975c896575aa4a01376876

  • SHA512

    212a6840679ac491c718bda9cb807f189bfc74e3b1c4e71130c8f9ea6fa876b9e2478e8b2f7167cfa6d7efee71d3504765e7c88399db70b40a758224e1962359

  • SSDEEP

    1536:qYNzSoSUjTXNDAD6/k4fU9iZl5b9lO7uXcNvvm5yw/Lb0OUrrQ35wNBUyVVm:VSiTXNDtkuU945a7usluTXp6UH

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b3cdcbf438832cd732c88df5442e8238189324a6b2975c896575aa4a01376876N.exe

    • Size

      92KB

    • MD5

      9d764793c8962eca2e1b7f1f7c2a1620

    • SHA1

      094a5ad4c0da24326917a7c2b46ca723276766a0

    • SHA256

      b3cdcbf438832cd732c88df5442e8238189324a6b2975c896575aa4a01376876

    • SHA512

      212a6840679ac491c718bda9cb807f189bfc74e3b1c4e71130c8f9ea6fa876b9e2478e8b2f7167cfa6d7efee71d3504765e7c88399db70b40a758224e1962359

    • SSDEEP

      1536:qYNzSoSUjTXNDAD6/k4fU9iZl5b9lO7uXcNvvm5yw/Lb0OUrrQ35wNBUyVVm:VSiTXNDtkuU945a7usluTXp6UH

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks