Overview

overview

10

Static

static

10

25e5b9374b...4b.exe

windows7-x64

10

25e5b9374b...4b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25e5b9374ba0997101a70c4177055ca0bd831f15252bbfb32c938b3cda48254b.exe

  • Size

    422KB

  • Sample

    241225-xc1xcasqhn

  • MD5

    2b36ef018b29035b23eb430a07ce0878

  • SHA1

    8bc0ce1ac39526762b913f086706887583c95954

  • SHA256

    25e5b9374ba0997101a70c4177055ca0bd831f15252bbfb32c938b3cda48254b

  • SHA512

    7685d78b698bf61b60ed5a25c94e372f92bda6d3cdbd0ea3371fe9e46b7a766f87dc14e630fc7b3bfae1835eb65036c850553e6ce5fee744d74edf5458a25f27

  • SSDEEP

    6144:O9hUrlhLbabO6FSPnvZU1AF+6FSPnvZhDYsKKo6FSPnvZU1AF+6FSPnvZu:IUjGaXgA4XfczXgA4XQ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      25e5b9374ba0997101a70c4177055ca0bd831f15252bbfb32c938b3cda48254b.exe

    • Size

      422KB

    • MD5

      2b36ef018b29035b23eb430a07ce0878

    • SHA1

      8bc0ce1ac39526762b913f086706887583c95954

    • SHA256

      25e5b9374ba0997101a70c4177055ca0bd831f15252bbfb32c938b3cda48254b

    • SHA512

      7685d78b698bf61b60ed5a25c94e372f92bda6d3cdbd0ea3371fe9e46b7a766f87dc14e630fc7b3bfae1835eb65036c850553e6ce5fee744d74edf5458a25f27

    • SSDEEP

      6144:O9hUrlhLbabO6FSPnvZU1AF+6FSPnvZhDYsKKo6FSPnvZU1AF+6FSPnvZu:IUjGaXgA4XfczXgA4XQ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks