Overview

overview

10

Static

static

3

280ddbea59...88.exe

windows7-x64

10

280ddbea59...88.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    280ddbea59f2d8726d4743db726515647ca9798785dcecf226b2f58ffed35b88

  • Size

    344KB

  • Sample

    250306-3fdh4szvax

  • MD5

    b6c073a30ff6f445feab2baaa05afed0

  • SHA1

    a03d43e23f9d652c22800c348c65c6b46cee0a87

  • SHA256

    280ddbea59f2d8726d4743db726515647ca9798785dcecf226b2f58ffed35b88

  • SHA512

    b5c3f3f7cc88ce953ad63886b429042d014105064ae78e2ee32f456c7523ae1c6ddc876c23748ed96286eb4c66aeed8647327877bbfa1b1262fe5843ea4b7861

  • SSDEEP

    6144:WIqgl8RRTuCpX2/mnbzvdLaD6OkPgl6bmIjlQFn:WIiyCpXImbzQD6OkPgl6bmIjKn

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      280ddbea59f2d8726d4743db726515647ca9798785dcecf226b2f58ffed35b88

    • Size

      344KB

    • MD5

      b6c073a30ff6f445feab2baaa05afed0

    • SHA1

      a03d43e23f9d652c22800c348c65c6b46cee0a87

    • SHA256

      280ddbea59f2d8726d4743db726515647ca9798785dcecf226b2f58ffed35b88

    • SHA512

      b5c3f3f7cc88ce953ad63886b429042d014105064ae78e2ee32f456c7523ae1c6ddc876c23748ed96286eb4c66aeed8647327877bbfa1b1262fe5843ea4b7861

    • SSDEEP

      6144:WIqgl8RRTuCpX2/mnbzvdLaD6OkPgl6bmIjlQFn:WIiyCpXImbzQD6OkPgl6bmIjKn

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks