Overview

overview

10

Static

static

3

7687608b83...60.exe

windows7-x64

10

7687608b83...60.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7687608b832d694a6ae215ec20ad5a471192c98ed7fdf3a8273720a7a5b43760

  • Size

    88KB

  • Sample

    240918-24j55axhjg

  • MD5

    ae13e44ff10ca38a75cbed38862a894a

  • SHA1

    7227c87fbcad7d80a5a3d4ea0c621c4aee25e5b2

  • SHA256

    7687608b832d694a6ae215ec20ad5a471192c98ed7fdf3a8273720a7a5b43760

  • SHA512

    3e922d30c055f4e972f49a29eaaa6743b93ae5cb2127d808f037052f1b7c71d81456bf54607073c1648d9c35ec9373f9109b75cb75a70b24690f08b78b12ae20

  • SSDEEP

    1536:n7Xm8eDsVrrcUQ8s18N7gHhYTY0ga3KNvrxdI9nouy8L:7XnVrA6NEBA32jxdIFoutL

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7687608b832d694a6ae215ec20ad5a471192c98ed7fdf3a8273720a7a5b43760

    • Size

      88KB

    • MD5

      ae13e44ff10ca38a75cbed38862a894a

    • SHA1

      7227c87fbcad7d80a5a3d4ea0c621c4aee25e5b2

    • SHA256

      7687608b832d694a6ae215ec20ad5a471192c98ed7fdf3a8273720a7a5b43760

    • SHA512

      3e922d30c055f4e972f49a29eaaa6743b93ae5cb2127d808f037052f1b7c71d81456bf54607073c1648d9c35ec9373f9109b75cb75a70b24690f08b78b12ae20

    • SSDEEP

      1536:n7Xm8eDsVrrcUQ8s18N7gHhYTY0ga3KNvrxdI9nouy8L:7XnVrA6NEBA32jxdIFoutL

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks