Overview

overview

10

Static

static

3

7299e1699b...b5.exe

windows7-x64

10

7299e1699b...b5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7299e1699bb5b1124a5115af7c551206fe150a6640f997b25349c1e3fb80f9b5.exe

  • Size

    84KB

  • Sample

    241225-yb6a4svmam

  • MD5

    228a0e54742c65ed6e3153f376096e27

  • SHA1

    c9ed4f195b56a605f86fb53808e957b9c3c8b343

  • SHA256

    7299e1699bb5b1124a5115af7c551206fe150a6640f997b25349c1e3fb80f9b5

  • SHA512

    8b68bea04fd0960de59f98bfc6e48e17bd3ab12f91d84becc9a6e4df6930ffb5f03fad2fe159b6fe36119f7505e863339c53fd8b8dffb70dd9fc3f338deeda91

  • SSDEEP

    1536:T4iwxP1wbUdI3BZ6/P//zFc/ZJtxp8sx8ANZLvfPDyH6n8dEelLYR7xeGSmUmmmD:1wRyxAy/lxvt3PDyH6n8djlLYR7xr1

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      7299e1699bb5b1124a5115af7c551206fe150a6640f997b25349c1e3fb80f9b5.exe

    • Size

      84KB

    • MD5

      228a0e54742c65ed6e3153f376096e27

    • SHA1

      c9ed4f195b56a605f86fb53808e957b9c3c8b343

    • SHA256

      7299e1699bb5b1124a5115af7c551206fe150a6640f997b25349c1e3fb80f9b5

    • SHA512

      8b68bea04fd0960de59f98bfc6e48e17bd3ab12f91d84becc9a6e4df6930ffb5f03fad2fe159b6fe36119f7505e863339c53fd8b8dffb70dd9fc3f338deeda91

    • SSDEEP

      1536:T4iwxP1wbUdI3BZ6/P//zFc/ZJtxp8sx8ANZLvfPDyH6n8dEelLYR7xeGSmUmmmD:1wRyxAy/lxvt3PDyH6n8djlLYR7xr1

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks