Overview

overview

10

Static

static

3

e623a38a42...99.exe

windows7-x64

10

e623a38a42...99.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e623a38a42e1be60d7d23616cbce8016f8f9d2a51f99e3648dbf91e9cb118199

  • Size

    209KB

  • Sample

    250306-qz3wwszset

  • MD5

    9fa7095725de97c4203328aaa544c428

  • SHA1

    8039844f9939a5e85f84e3d7777566d5d1eecf96

  • SHA256

    e623a38a42e1be60d7d23616cbce8016f8f9d2a51f99e3648dbf91e9cb118199

  • SHA512

    655252b84227969c25cdb49fdc95a19fea1cbf0a9c7faa4c3495bf82b04741a881b5f15a1545b9b70e8950e7fe12ac3d09c3aa6fa8bb9f15fba8965484d59c0c

  • SSDEEP

    3072:XtG8FN7CZ8mnao9XZuKVPh1aBvlyNrN2JSZ8mnao9XZSJASfvDI4SMMFtOVav8W:97N7C5ZXZuKVp1fNrNF5ZXZ7SEJtKa

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e623a38a42e1be60d7d23616cbce8016f8f9d2a51f99e3648dbf91e9cb118199

    • Size

      209KB

    • MD5

      9fa7095725de97c4203328aaa544c428

    • SHA1

      8039844f9939a5e85f84e3d7777566d5d1eecf96

    • SHA256

      e623a38a42e1be60d7d23616cbce8016f8f9d2a51f99e3648dbf91e9cb118199

    • SHA512

      655252b84227969c25cdb49fdc95a19fea1cbf0a9c7faa4c3495bf82b04741a881b5f15a1545b9b70e8950e7fe12ac3d09c3aa6fa8bb9f15fba8965484d59c0c

    • SSDEEP

      3072:XtG8FN7CZ8mnao9XZuKVPh1aBvlyNrN2JSZ8mnao9XZSJASfvDI4SMMFtOVav8W:97N7C5ZXZuKVp1fNrNF5ZXZ7SEJtKa

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks