Overview

overview

10

Static

static

3

ed58c0b6b0...a1.exe

windows7-x64

10

ed58c0b6b0...a1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed58c0b6b06885a79a88a5ee3a5aeea3c091b62ab336589c4c6720159edc52a1

  • Size

    74KB

  • Sample

    240919-dnnxdayamn

  • MD5

    7e01fb154be06b09ec887f3cc78e27b4

  • SHA1

    c51cbbcfb69c3ef83613f3017c11b28f82d1cf1f

  • SHA256

    ed58c0b6b06885a79a88a5ee3a5aeea3c091b62ab336589c4c6720159edc52a1

  • SHA512

    acc1529f0873bb6735b6f4d27bc108c4d2e6190ba10b5f6769a7bbaa8ef3dec3d62db0993084c8515c5b39fd3dd10d9163e78f542ba88024024f7d0f34a93e5c

  • SSDEEP

    1536:PxYjfj7EhfKEzvzs5QNgWsC1dDsPOGHFchQPfH5FK:5W7EVK8NgaDsPxlpfHq

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ed58c0b6b06885a79a88a5ee3a5aeea3c091b62ab336589c4c6720159edc52a1

    • Size

      74KB

    • MD5

      7e01fb154be06b09ec887f3cc78e27b4

    • SHA1

      c51cbbcfb69c3ef83613f3017c11b28f82d1cf1f

    • SHA256

      ed58c0b6b06885a79a88a5ee3a5aeea3c091b62ab336589c4c6720159edc52a1

    • SHA512

      acc1529f0873bb6735b6f4d27bc108c4d2e6190ba10b5f6769a7bbaa8ef3dec3d62db0993084c8515c5b39fd3dd10d9163e78f542ba88024024f7d0f34a93e5c

    • SSDEEP

      1536:PxYjfj7EhfKEzvzs5QNgWsC1dDsPOGHFchQPfH5FK:5W7EVK8NgaDsPxlpfHq

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks