Overview

overview

10

Static

static

3

89a117534d...e0.exe

windows7-x64

10

89a117534d...e0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    89a117534d3b0013ba37bc9094e2f208040957830d37f64b194aee74aac3b9e0

  • Size

    194KB

  • Sample

    250306-g9d6va1vgz

  • MD5

    8dae85ee4783d0f11d5a496859fa7d0d

  • SHA1

    7821fa0f6c48921d43831d5940fd2a699edde5fa

  • SHA256

    89a117534d3b0013ba37bc9094e2f208040957830d37f64b194aee74aac3b9e0

  • SHA512

    4686948117e26d48496a1156db6a90e6fcb2a7000a239682ac590caf8a386596b08dfcb14f4e97939f0e815a04990cb7fb38fb345e524ec51353f9568314fc90

  • SSDEEP

    6144:h78TW5JdSfUNRbCeKpNYxWlJ7mkD6pNY:h7a

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      89a117534d3b0013ba37bc9094e2f208040957830d37f64b194aee74aac3b9e0

    • Size

      194KB

    • MD5

      8dae85ee4783d0f11d5a496859fa7d0d

    • SHA1

      7821fa0f6c48921d43831d5940fd2a699edde5fa

    • SHA256

      89a117534d3b0013ba37bc9094e2f208040957830d37f64b194aee74aac3b9e0

    • SHA512

      4686948117e26d48496a1156db6a90e6fcb2a7000a239682ac590caf8a386596b08dfcb14f4e97939f0e815a04990cb7fb38fb345e524ec51353f9568314fc90

    • SSDEEP

      6144:h78TW5JdSfUNRbCeKpNYxWlJ7mkD6pNY:h7a

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks