Overview

overview

10

Static

static

3

eead080e6e...d1.exe

windows7-x64

10

eead080e6e...d1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eead080e6e5d6d5eed5c4db306615065a4c96297699d01abf952bb9c721b8cd1

  • Size

    512KB

  • Sample

    250306-rrgjcszyb1

  • MD5

    95a2db44b548ad0f9ff8657801c9649d

  • SHA1

    6406c5e5116e258417dcd800ccb2c3e7dabb5528

  • SHA256

    eead080e6e5d6d5eed5c4db306615065a4c96297699d01abf952bb9c721b8cd1

  • SHA512

    6ab9cb9355416594e73f2d02501724a00dd320c7bf54a33c91f2352318d55e583668ed1e62fb56bd7b0cbc13735cc9070c86a2ed96e4adf9a708a08cc02bf230

  • SSDEEP

    6144:Co53853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZ:CeQBpnchWcZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      eead080e6e5d6d5eed5c4db306615065a4c96297699d01abf952bb9c721b8cd1

    • Size

      512KB

    • MD5

      95a2db44b548ad0f9ff8657801c9649d

    • SHA1

      6406c5e5116e258417dcd800ccb2c3e7dabb5528

    • SHA256

      eead080e6e5d6d5eed5c4db306615065a4c96297699d01abf952bb9c721b8cd1

    • SHA512

      6ab9cb9355416594e73f2d02501724a00dd320c7bf54a33c91f2352318d55e583668ed1e62fb56bd7b0cbc13735cc9070c86a2ed96e4adf9a708a08cc02bf230

    • SSDEEP

      6144:Co53853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZ:CeQBpnchWcZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks