Overview

overview

10

Static

static

3

84c180e392...0f.exe

windows7-x64

10

84c180e392...0f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    84c180e392ca70bc0280fe5536daae48eb69ce4ff186ced7e8833f28002fe70f

  • Size

    64KB

  • Sample

    250306-gtq6ga1nw4

  • MD5

    0effa95355bc65c8d13314f0f583dc12

  • SHA1

    9421d10bd3ab50414510330a615624c31b8abf62

  • SHA256

    84c180e392ca70bc0280fe5536daae48eb69ce4ff186ced7e8833f28002fe70f

  • SHA512

    97a76cd7f22f77c88690d8da31eb767345834d2731041801cb421d1574ab696f2da54d6d8206e24be50ef3ee7bf1b7e15d04d817e902203f56a6148056d74e1a

  • SSDEEP

    1536:2ziXCS1vVrVPDiGBDZgmPDeWyYrPFW2iwTbW:2z+jGADZZP6XkFW2VTbW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      84c180e392ca70bc0280fe5536daae48eb69ce4ff186ced7e8833f28002fe70f

    • Size

      64KB

    • MD5

      0effa95355bc65c8d13314f0f583dc12

    • SHA1

      9421d10bd3ab50414510330a615624c31b8abf62

    • SHA256

      84c180e392ca70bc0280fe5536daae48eb69ce4ff186ced7e8833f28002fe70f

    • SHA512

      97a76cd7f22f77c88690d8da31eb767345834d2731041801cb421d1574ab696f2da54d6d8206e24be50ef3ee7bf1b7e15d04d817e902203f56a6148056d74e1a

    • SSDEEP

      1536:2ziXCS1vVrVPDiGBDZgmPDeWyYrPFW2iwTbW:2z+jGADZZP6XkFW2VTbW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks