Overview

overview

10

Static

static

3

9053d3a41a...9b.exe

windows7-x64

10

9053d3a41a...9b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9053d3a41ae7278e97435d1a457b2ff9bf145b23f566b07c71fed1f95785239b.exe

  • Size

    64KB

  • Sample

    250120-kz2qya1qez

  • MD5

    869a69f7c82d146d433f89ca59623be7

  • SHA1

    3521acc3c974ba8e42db51785f2fe6e23de7671f

  • SHA256

    9053d3a41ae7278e97435d1a457b2ff9bf145b23f566b07c71fed1f95785239b

  • SHA512

    819de84154fe7f4c7a8c18d82491ba16f49a599d368ded0cdb604647f716e585d86d483a945c860b1ddd6bcb0b482e5d49e82f9db65f0ecb9f4883c1118a1ff8

  • SSDEEP

    768:JyBSPuMV2oKTncs04+PR4I5/3MwS8TDeWUnZEQGMbHeBO/1H5pu6XJ1IwEGp9Thi:JyBSGMyx+PCI5FirnZEM77rXUwXfzw9

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9053d3a41ae7278e97435d1a457b2ff9bf145b23f566b07c71fed1f95785239b.exe

    • Size

      64KB

    • MD5

      869a69f7c82d146d433f89ca59623be7

    • SHA1

      3521acc3c974ba8e42db51785f2fe6e23de7671f

    • SHA256

      9053d3a41ae7278e97435d1a457b2ff9bf145b23f566b07c71fed1f95785239b

    • SHA512

      819de84154fe7f4c7a8c18d82491ba16f49a599d368ded0cdb604647f716e585d86d483a945c860b1ddd6bcb0b482e5d49e82f9db65f0ecb9f4883c1118a1ff8

    • SSDEEP

      768:JyBSPuMV2oKTncs04+PR4I5/3MwS8TDeWUnZEQGMbHeBO/1H5pu6XJ1IwEGp9Thi:JyBSGMyx+PCI5FirnZEM77rXUwXfzw9

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks