Overview

overview

10

Static

static

10

00fcece3b5...a6.exe

windows7-x64

10

00fcece3b5...a6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    00fcece3b55865d4d5c0ff7429d6377e2f6eb53b9c5cd37d6c2a51a3ea0f5ba6

  • Size

    176KB

  • Sample

    250305-xrqd6awrv9

  • MD5

    17d398e50149eb6f8aaf2093165e5011

  • SHA1

    4e84b0985ea6c46b643e5be2032aedd8e958df21

  • SHA256

    00fcece3b55865d4d5c0ff7429d6377e2f6eb53b9c5cd37d6c2a51a3ea0f5ba6

  • SHA512

    de0f41b45dbaea527623d3569a7006433601431a1b5da8f8c6d031e5f84aac9559c4770979361adc03aec8ad29a2bfe9c16428c4d6c764b2d3169b8cf7479aba

  • SSDEEP

    3072:or/lNYNMm51cjENRZ9wmAOIayGsOOJF4EISi/i4gG4npAjmA39QQIckJI:o7YOm51nTZ9EaUn4yjK99QQd

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      00fcece3b55865d4d5c0ff7429d6377e2f6eb53b9c5cd37d6c2a51a3ea0f5ba6

    • Size

      176KB

    • MD5

      17d398e50149eb6f8aaf2093165e5011

    • SHA1

      4e84b0985ea6c46b643e5be2032aedd8e958df21

    • SHA256

      00fcece3b55865d4d5c0ff7429d6377e2f6eb53b9c5cd37d6c2a51a3ea0f5ba6

    • SHA512

      de0f41b45dbaea527623d3569a7006433601431a1b5da8f8c6d031e5f84aac9559c4770979361adc03aec8ad29a2bfe9c16428c4d6c764b2d3169b8cf7479aba

    • SSDEEP

      3072:or/lNYNMm51cjENRZ9wmAOIayGsOOJF4EISi/i4gG4npAjmA39QQIckJI:o7YOm51nTZ9EaUn4yjK99QQd

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks