Overview

overview

10

Static

static

3

0d75f5efc2...c5.exe

windows7-x64

10

0d75f5efc2...c5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d75f5efc26038e5605a4bfc25e355f01b8abb8643f938341c03569be9e0c9c5

  • Size

    113KB

  • Sample

    250305-y1gztaxwdy

  • MD5

    a9c286e3e6ec94749cf538bf936ba3bc

  • SHA1

    c7c63f3c93941733a2a928f358b790baf028a4de

  • SHA256

    0d75f5efc26038e5605a4bfc25e355f01b8abb8643f938341c03569be9e0c9c5

  • SHA512

    b7901cec29427c22c1b944e89c35263c6c038b9b9409fedb872cb109d443e23c0b728e0c5dd409fc226bf19145dc5d57273e1bfacc4165b0d5db740eb0a90e20

  • SSDEEP

    1536:bNGxYnJb9HoTkvLi8fXO617DWkZFfScD7SzCbHWrAW8wTWiliX:M2nrOkvLjXOuGkZFfFSebHWrH8wTW0

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0d75f5efc26038e5605a4bfc25e355f01b8abb8643f938341c03569be9e0c9c5

    • Size

      113KB

    • MD5

      a9c286e3e6ec94749cf538bf936ba3bc

    • SHA1

      c7c63f3c93941733a2a928f358b790baf028a4de

    • SHA256

      0d75f5efc26038e5605a4bfc25e355f01b8abb8643f938341c03569be9e0c9c5

    • SHA512

      b7901cec29427c22c1b944e89c35263c6c038b9b9409fedb872cb109d443e23c0b728e0c5dd409fc226bf19145dc5d57273e1bfacc4165b0d5db740eb0a90e20

    • SSDEEP

      1536:bNGxYnJb9HoTkvLi8fXO617DWkZFfScD7SzCbHWrAW8wTWiliX:M2nrOkvLjXOuGkZFfFSebHWrH8wTW0

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks