Overview

overview

10

Static

static

10

bcae856d94...f7.exe

windows7-x64

10

bcae856d94...f7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bcae856d94cb91e1d1ff2e250a43d4f56a50775f507b2b97809dbfc0191bd7f7

  • Size

    232KB

  • Sample

    250306-l9rjdsv1fx

  • MD5

    95b2403b4ad533eddc95690cee32d085

  • SHA1

    c6c7a80223f2dacb4978138f96196e6116bd5c73

  • SHA256

    bcae856d94cb91e1d1ff2e250a43d4f56a50775f507b2b97809dbfc0191bd7f7

  • SHA512

    0bbadbd6cb27728df194e1c12d5780252599bc011a907b05d327b377b4046e2db8dea5d5ee54f7ca7ade8a5303edab7c0de7c98a651984605ce6a5c10ef34e7c

  • SSDEEP

    3072:UkYY2QxtRaEmo84D7usluTXp6UF5wzec+tZOnU1/s5HH0AU/yRvS3u121TzlbNRb:LYPQx4g6s21L7/s50z/Wa3/PNlPX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      bcae856d94cb91e1d1ff2e250a43d4f56a50775f507b2b97809dbfc0191bd7f7

    • Size

      232KB

    • MD5

      95b2403b4ad533eddc95690cee32d085

    • SHA1

      c6c7a80223f2dacb4978138f96196e6116bd5c73

    • SHA256

      bcae856d94cb91e1d1ff2e250a43d4f56a50775f507b2b97809dbfc0191bd7f7

    • SHA512

      0bbadbd6cb27728df194e1c12d5780252599bc011a907b05d327b377b4046e2db8dea5d5ee54f7ca7ade8a5303edab7c0de7c98a651984605ce6a5c10ef34e7c

    • SSDEEP

      3072:UkYY2QxtRaEmo84D7usluTXp6UF5wzec+tZOnU1/s5HH0AU/yRvS3u121TzlbNRb:LYPQx4g6s21L7/s50z/Wa3/PNlPX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks