Overview

overview

10

Static

static

3

531f9b696f...49.exe

windows7-x64

10

531f9b696f...49.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    531f9b696ff3f41b363a799d45a2db4c28112e89d11a194cd2fce74be8d04c49

  • Size

    384KB

  • Sample

    250307-kjx3taxsdz

  • MD5

    ae25ade169ac750d05b02d0f671f7a81

  • SHA1

    92ce2344a18ff2faf2c3937c56718bb46bb34abc

  • SHA256

    531f9b696ff3f41b363a799d45a2db4c28112e89d11a194cd2fce74be8d04c49

  • SHA512

    b185a9d50aa470ccf5be4991c0b22b2b31760e6f7ceeeabdc36030375fd18dedefe60d233bab09276a5d1d8c9d4e0e96c373846017da14acd275f44f07fd03cc

  • SSDEEP

    6144:MggJOAs4y70u4HXs4yr0u490u4Ds4yvW8C:MHC4O0dHc4i0d90dA4D

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      531f9b696ff3f41b363a799d45a2db4c28112e89d11a194cd2fce74be8d04c49

    • Size

      384KB

    • MD5

      ae25ade169ac750d05b02d0f671f7a81

    • SHA1

      92ce2344a18ff2faf2c3937c56718bb46bb34abc

    • SHA256

      531f9b696ff3f41b363a799d45a2db4c28112e89d11a194cd2fce74be8d04c49

    • SHA512

      b185a9d50aa470ccf5be4991c0b22b2b31760e6f7ceeeabdc36030375fd18dedefe60d233bab09276a5d1d8c9d4e0e96c373846017da14acd275f44f07fd03cc

    • SSDEEP

      6144:MggJOAs4y70u4HXs4yr0u490u4Ds4yvW8C:MHC4O0dHc4i0d90dA4D

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks