Overview

overview

10

Static

static

3

b590d7e3ee...61.exe

windows7-x64

10

b590d7e3ee...61.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b590d7e3eeeca479e0306736e4e3d1ef9a0b2ad72d533a555781dfac4e80ce61

  • Size

    52KB

  • Sample

    250306-lqa3asvxbw

  • MD5

    283def5a1ca20371277e5e22810b8808

  • SHA1

    0b25f42f4e015d38d80fc7dfced6c9549b30dd04

  • SHA256

    b590d7e3eeeca479e0306736e4e3d1ef9a0b2ad72d533a555781dfac4e80ce61

  • SHA512

    501c3ef7f54d34fd341824d68fe0272b292c7c0e54d8bc1bf2de680c50266ca3d6c0fce9b003de0659feb7215a5c5405002e8111d294b4400966257c3aaba4a8

  • SSDEEP

    768:kJ3KO8PO1T7gAk5D3Z+NT6wHHzpci6KMsMUnT4Hshp/1H5F/s3gMABvKWe:kNKO8P0upgH9CdiTE6j0gMAdKZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b590d7e3eeeca479e0306736e4e3d1ef9a0b2ad72d533a555781dfac4e80ce61

    • Size

      52KB

    • MD5

      283def5a1ca20371277e5e22810b8808

    • SHA1

      0b25f42f4e015d38d80fc7dfced6c9549b30dd04

    • SHA256

      b590d7e3eeeca479e0306736e4e3d1ef9a0b2ad72d533a555781dfac4e80ce61

    • SHA512

      501c3ef7f54d34fd341824d68fe0272b292c7c0e54d8bc1bf2de680c50266ca3d6c0fce9b003de0659feb7215a5c5405002e8111d294b4400966257c3aaba4a8

    • SSDEEP

      768:kJ3KO8PO1T7gAk5D3Z+NT6wHHzpci6KMsMUnT4Hshp/1H5F/s3gMABvKWe:kNKO8P0upgH9CdiTE6j0gMAdKZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks