Overview

overview

10

Static

static

3

ce40c29063...55.exe

windows7-x64

10

ce40c29063...55.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce40c290636abf2e04fc8cef437cefb19d7b35c3de285d508ae9f53ecc42e055

  • Size

    64KB

  • Sample

    250306-nl46paxtc1

  • MD5

    0f75d54172a7d7ee8cc0c9dd02a46599

  • SHA1

    4d2b499e2318073ddb2299890637884fae7154d7

  • SHA256

    ce40c290636abf2e04fc8cef437cefb19d7b35c3de285d508ae9f53ecc42e055

  • SHA512

    830dc3834d97bc508e369e4356f39ebd61d0014709445f85a6892d3f6b8db11ddfcd06514462fb3897528285f3628375967e08a3e8ccfcdc76c718f3f5d87638

  • SSDEEP

    768:DwC97GKFFUAZ4RPq3DmxNDpXwqSitEFstuYry3SHGypkLU/1H56E6XJ1IwEGp9TY:T5GKskDYPsFOTHG0h0XUwXfzwv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ce40c290636abf2e04fc8cef437cefb19d7b35c3de285d508ae9f53ecc42e055

    • Size

      64KB

    • MD5

      0f75d54172a7d7ee8cc0c9dd02a46599

    • SHA1

      4d2b499e2318073ddb2299890637884fae7154d7

    • SHA256

      ce40c290636abf2e04fc8cef437cefb19d7b35c3de285d508ae9f53ecc42e055

    • SHA512

      830dc3834d97bc508e369e4356f39ebd61d0014709445f85a6892d3f6b8db11ddfcd06514462fb3897528285f3628375967e08a3e8ccfcdc76c718f3f5d87638

    • SSDEEP

      768:DwC97GKFFUAZ4RPq3DmxNDpXwqSitEFstuYry3SHGypkLU/1H56E6XJ1IwEGp9TY:T5GKskDYPsFOTHG0h0XUwXfzwv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks