Overview

overview

10

Static

static

3

2e6acd9f2e...b4.exe

windows7-x64

10

2e6acd9f2e...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e6acd9f2ef578a239aec1663a0be9ca52adff5e8979b0c2f02ed67dfe146fb4

  • Size

    113KB

  • Sample

    250305-2ld66a1vcv

  • MD5

    428ac28b0093ae6b697ddec55931538e

  • SHA1

    b2dc89e8a5bd3ac0893e754d6433b4c5dec54ecc

  • SHA256

    2e6acd9f2ef578a239aec1663a0be9ca52adff5e8979b0c2f02ed67dfe146fb4

  • SHA512

    04aed98c1b6783a5cf8735c51c475fb170a2aa481a97f14eab55ed1bebbcd029fa41a3c8976e456981f90eb68424b80ea50d6a84b8f1db1189437d2893d5652d

  • SSDEEP

    3072:3vkFfUYL4qTM5/UP+TYfOuGkZFfFSebHWrH8wTW0:sFfd98Ym7otSeWrP

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      2e6acd9f2ef578a239aec1663a0be9ca52adff5e8979b0c2f02ed67dfe146fb4

    • Size

      113KB

    • MD5

      428ac28b0093ae6b697ddec55931538e

    • SHA1

      b2dc89e8a5bd3ac0893e754d6433b4c5dec54ecc

    • SHA256

      2e6acd9f2ef578a239aec1663a0be9ca52adff5e8979b0c2f02ed67dfe146fb4

    • SHA512

      04aed98c1b6783a5cf8735c51c475fb170a2aa481a97f14eab55ed1bebbcd029fa41a3c8976e456981f90eb68424b80ea50d6a84b8f1db1189437d2893d5652d

    • SSDEEP

      3072:3vkFfUYL4qTM5/UP+TYfOuGkZFfFSebHWrH8wTW0:sFfd98Ym7otSeWrP

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks