Overview

overview

10

Static

static

3

8b298c6883...4c.exe

windows7-x64

10

8b298c6883...4c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8b298c6883b8ed403f9b7bc3a87dcaeed37da3e8f19d384c9e82a93071bf374c

  • Size

    64KB

  • Sample

    250307-3mbcbsyyfv

  • MD5

    95e38386a7a2b1d73cceccbc23e6383f

  • SHA1

    c237ff491f1d2570fbbd445a0d6b94e80371688a

  • SHA256

    8b298c6883b8ed403f9b7bc3a87dcaeed37da3e8f19d384c9e82a93071bf374c

  • SHA512

    9d1eaec9bfc177417b6536f7c52f531484df1bcd9b12cc1397e699e5798b3548a7e4b113c86ce94edb66e0e033397b26097a4b3a667bc4b22a65889869c23092

  • SSDEEP

    1536:uIxLEW9FmgCTY5rk4Yg+bjabgcXiXUwXfzwv:hxosFmgytcXGPzwv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      8b298c6883b8ed403f9b7bc3a87dcaeed37da3e8f19d384c9e82a93071bf374c

    • Size

      64KB

    • MD5

      95e38386a7a2b1d73cceccbc23e6383f

    • SHA1

      c237ff491f1d2570fbbd445a0d6b94e80371688a

    • SHA256

      8b298c6883b8ed403f9b7bc3a87dcaeed37da3e8f19d384c9e82a93071bf374c

    • SHA512

      9d1eaec9bfc177417b6536f7c52f531484df1bcd9b12cc1397e699e5798b3548a7e4b113c86ce94edb66e0e033397b26097a4b3a667bc4b22a65889869c23092

    • SSDEEP

      1536:uIxLEW9FmgCTY5rk4Yg+bjabgcXiXUwXfzwv:hxosFmgytcXGPzwv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks