Overview

overview

10

Static

static

3

fd2c9ef53e...9N.exe

windows7-x64

10

fd2c9ef53e...9N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    fd2c9ef53e06c091703ef446f19ba7ca4e4119bcdeba9bedf29975917fcbb699N

  • Size

    320KB

  • Sample

    240918-ycdmgszfkq

  • MD5

    58ba7466196ff352a288305cceb32510

  • SHA1

    016960b9fbe068fa7c9aeece7e830be0d64229de

  • SHA256

    fd2c9ef53e06c091703ef446f19ba7ca4e4119bcdeba9bedf29975917fcbb699

  • SHA512

    73f3106d959df0d8a67048a8be043a5526d9394a10a94d22bfd47013463f47a8b4452633ddd1a079895d0b5d120b8bddbfcc65bfcba3fe0b16ea1c2f1e82db92

  • SSDEEP

    6144:VLBfjxhVivY9+3GyZ6YugQdjGG1wsKm6eBgdQbkoKTBEAz/6D4:jft3idGyXu1jGG1wsGeBgRTGAzc4

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      fd2c9ef53e06c091703ef446f19ba7ca4e4119bcdeba9bedf29975917fcbb699N

    • Size

      320KB

    • MD5

      58ba7466196ff352a288305cceb32510

    • SHA1

      016960b9fbe068fa7c9aeece7e830be0d64229de

    • SHA256

      fd2c9ef53e06c091703ef446f19ba7ca4e4119bcdeba9bedf29975917fcbb699

    • SHA512

      73f3106d959df0d8a67048a8be043a5526d9394a10a94d22bfd47013463f47a8b4452633ddd1a079895d0b5d120b8bddbfcc65bfcba3fe0b16ea1c2f1e82db92

    • SSDEEP

      6144:VLBfjxhVivY9+3GyZ6YugQdjGG1wsKm6eBgdQbkoKTBEAz/6D4:jft3idGyXu1jGG1wsGeBgRTGAzc4

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks