Overview

overview

10

Static

static

10

e3c87e0208...23.exe

windows7-x64

10

e3c87e0208...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3c87e020879dc0ecedb7656017d98b32e18b2d24ee62f5dce85b1a974e3e923

  • Size

    256KB

  • Sample

    240919-dc52hsxekq

  • MD5

    e0098a34f5a914212474578bc1826eeb

  • SHA1

    d0209e871f07fa542f1e78e3863bce54f1cf2b46

  • SHA256

    e3c87e020879dc0ecedb7656017d98b32e18b2d24ee62f5dce85b1a974e3e923

  • SHA512

    e576e99a7ecbe23558edd0362e34c53050aeb6d7531d461be8dfacf5b160161d4bb80a2265dfd0381fc14f26c8bfc352b006e41594bc8e64476b624b438ec0c9

  • SSDEEP

    6144:9aNm+tYS0GiguR5m6ni/GOORjMmRUoooooooooooooooooooooooooy/G:wNrtB0GibR5mai//OVLCoooooooooooC

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e3c87e020879dc0ecedb7656017d98b32e18b2d24ee62f5dce85b1a974e3e923

    • Size

      256KB

    • MD5

      e0098a34f5a914212474578bc1826eeb

    • SHA1

      d0209e871f07fa542f1e78e3863bce54f1cf2b46

    • SHA256

      e3c87e020879dc0ecedb7656017d98b32e18b2d24ee62f5dce85b1a974e3e923

    • SHA512

      e576e99a7ecbe23558edd0362e34c53050aeb6d7531d461be8dfacf5b160161d4bb80a2265dfd0381fc14f26c8bfc352b006e41594bc8e64476b624b438ec0c9

    • SSDEEP

      6144:9aNm+tYS0GiguR5m6ni/GOORjMmRUoooooooooooooooooooooooooy/G:wNrtB0GibR5mai//OVLCoooooooooooC

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks