Overview

overview

10

Static

static

3

576dc4728e...bf.exe

windows7-x64

10

576dc4728e...bf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    576dc4728e818e04a2d8a3d3bb35e54c4b16defe0f5f4a3ecdd81ecba7e193bf.exe

  • Size

    97KB

  • Sample

    241225-wahsba1ldl

  • MD5

    1212489f7182f9a92199b91c1bba186e

  • SHA1

    68b3cbb7a0aa6144dcd607e610190e3372ee4b2d

  • SHA256

    576dc4728e818e04a2d8a3d3bb35e54c4b16defe0f5f4a3ecdd81ecba7e193bf

  • SHA512

    b5cd25b03bfcde1f60ab42a50b4ecf14fbcd4d8201fe7c710fd6835c1049902084c71790698b41c6a2c19ae0f6ef2f4615b30dbd7a8638a675f52aa6e8623400

  • SSDEEP

    1536:5/JO/ltsAgD3wBkr0oXBwEBEWQ+8gXUwXfzwE57pvJXeYZE:5CO7TXPXy/kPzwm7pJXeKE

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      576dc4728e818e04a2d8a3d3bb35e54c4b16defe0f5f4a3ecdd81ecba7e193bf.exe

    • Size

      97KB

    • MD5

      1212489f7182f9a92199b91c1bba186e

    • SHA1

      68b3cbb7a0aa6144dcd607e610190e3372ee4b2d

    • SHA256

      576dc4728e818e04a2d8a3d3bb35e54c4b16defe0f5f4a3ecdd81ecba7e193bf

    • SHA512

      b5cd25b03bfcde1f60ab42a50b4ecf14fbcd4d8201fe7c710fd6835c1049902084c71790698b41c6a2c19ae0f6ef2f4615b30dbd7a8638a675f52aa6e8623400

    • SSDEEP

      1536:5/JO/ltsAgD3wBkr0oXBwEBEWQ+8gXUwXfzwE57pvJXeYZE:5CO7TXPXy/kPzwm7pJXeKE

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks