Overview

overview

10

Static

static

10

82fefd1539...d8.exe

windows7-x64

10

82fefd1539...d8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82fefd153935b2b4665985f6f4b0d4c53bdc3ef5a77e4d4c25ccd03077aefdd8

  • Size

    128KB

  • Sample

    250306-gpmmgszzb1

  • MD5

    96c694d97e41c1ce3b1ba91dc476949c

  • SHA1

    10879948edbe7a3b35ea5531d2be0729f4ed0522

  • SHA256

    82fefd153935b2b4665985f6f4b0d4c53bdc3ef5a77e4d4c25ccd03077aefdd8

  • SHA512

    6f32b4a04cbd6143cec4c1b09befb52c537ab16eb391ac9e29d21ba13fdbec9c470ccf6c0c5211af16f88ac74c95a1aafa7879200bca463ba3a899f69bb8c61d

  • SSDEEP

    3072:yeVzoRqdBWG6cym/PwidSX3ReDrFDHZtOgxBOXXH:9ZWG6UP7dSX3RO5tTDUX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      82fefd153935b2b4665985f6f4b0d4c53bdc3ef5a77e4d4c25ccd03077aefdd8

    • Size

      128KB

    • MD5

      96c694d97e41c1ce3b1ba91dc476949c

    • SHA1

      10879948edbe7a3b35ea5531d2be0729f4ed0522

    • SHA256

      82fefd153935b2b4665985f6f4b0d4c53bdc3ef5a77e4d4c25ccd03077aefdd8

    • SHA512

      6f32b4a04cbd6143cec4c1b09befb52c537ab16eb391ac9e29d21ba13fdbec9c470ccf6c0c5211af16f88ac74c95a1aafa7879200bca463ba3a899f69bb8c61d

    • SSDEEP

      3072:yeVzoRqdBWG6cym/PwidSX3ReDrFDHZtOgxBOXXH:9ZWG6UP7dSX3RO5tTDUX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks