Overview

overview

10

Static

static

10

85e2d012f3...2e.exe

windows7-x64

10

85e2d012f3...2e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85e2d012f3b14270a4bf88f9b818b527751ebb39ea6d5af1166b957d59f47e2e

  • Size

    448KB

  • Sample

    250306-gylrjs1px9

  • MD5

    a66e2b2a8f38463068468b1bdb49ee0e

  • SHA1

    a699aa6ab881fe083c52c0fa87044b35179e9ccc

  • SHA256

    85e2d012f3b14270a4bf88f9b818b527751ebb39ea6d5af1166b957d59f47e2e

  • SHA512

    8ff92e94330cc6bf3e4b9cf1ef7bab1c6886bde0f612b3be90850ec510c396baabee9981a9511450c271f5eed9dc38fe9d2b5ad17427cc2b2ac046faba751b59

  • SSDEEP

    6144:3xtwDGYu6s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nr0xuIKjyAH9G:huD7705kWM/9J6gqGBf/sAHZHbgdhgi

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      85e2d012f3b14270a4bf88f9b818b527751ebb39ea6d5af1166b957d59f47e2e

    • Size

      448KB

    • MD5

      a66e2b2a8f38463068468b1bdb49ee0e

    • SHA1

      a699aa6ab881fe083c52c0fa87044b35179e9ccc

    • SHA256

      85e2d012f3b14270a4bf88f9b818b527751ebb39ea6d5af1166b957d59f47e2e

    • SHA512

      8ff92e94330cc6bf3e4b9cf1ef7bab1c6886bde0f612b3be90850ec510c396baabee9981a9511450c271f5eed9dc38fe9d2b5ad17427cc2b2ac046faba751b59

    • SSDEEP

      6144:3xtwDGYu6s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nr0xuIKjyAH9G:huD7705kWM/9J6gqGBf/sAHZHbgdhgi

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks