Overview

overview

10

Static

static

10

466ed5ebe7...70.exe

windows7-x64

10

466ed5ebe7...70.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70

  • Size

    128KB

  • Sample

    250306-aw7snstqw4

  • MD5

    2f26c0f7f6529a3ee65257d36ccaccd7

  • SHA1

    c75035d2b9ae0889e9e506f344687a9ab7b34b44

  • SHA256

    466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70

  • SHA512

    5871a3ac0135077851bfa2942f69c543129a3f83d46677416d4e7f6f9c711e7fe9db4ba97065b5254de742758d8220925302748dc3a6d5c516853f96e2fee9fd

  • SSDEEP

    3072:RGgonn9y6Gym/PwidSX3ReDrFDHZtOgxBOXXH:RGr9y6iP7dSX3RO5tTDUX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70

    • Size

      128KB

    • MD5

      2f26c0f7f6529a3ee65257d36ccaccd7

    • SHA1

      c75035d2b9ae0889e9e506f344687a9ab7b34b44

    • SHA256

      466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70

    • SHA512

      5871a3ac0135077851bfa2942f69c543129a3f83d46677416d4e7f6f9c711e7fe9db4ba97065b5254de742758d8220925302748dc3a6d5c516853f96e2fee9fd

    • SSDEEP

      3072:RGgonn9y6Gym/PwidSX3ReDrFDHZtOgxBOXXH:RGr9y6iP7dSX3RO5tTDUX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks