Overview

overview

10

Static

static

3

818a5e07a8...1N.exe

windows7-x64

10

818a5e07a8...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    818a5e07a848ec39dfb51d2c14d68b45ae8f9e03adc6098233d4b231d61495a1N

  • Size

    94KB

  • Sample

    240919-dpr1esxgqe

  • MD5

    0dc2e785644a36833024bfa9806b3740

  • SHA1

    e989ad691de7ac62ed38ac973ea979887a07db98

  • SHA256

    818a5e07a848ec39dfb51d2c14d68b45ae8f9e03adc6098233d4b231d61495a1

  • SHA512

    0fcf5a36e205eac639cd3c870b5c35926bbd0d90954e451567ce2cf730633be20c3067b4da44ee38ff24ef1f1d8d04dbfb8f35f2a48ea2e45a93b8884eb2f79a

  • SSDEEP

    1536:71LnzviO5zQGDCIjpNV9ImLTXO5LYX205vTK7BR9L4DT2EnINs:xz6u/x3qwzxK6+ob

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      818a5e07a848ec39dfb51d2c14d68b45ae8f9e03adc6098233d4b231d61495a1N

    • Size

      94KB

    • MD5

      0dc2e785644a36833024bfa9806b3740

    • SHA1

      e989ad691de7ac62ed38ac973ea979887a07db98

    • SHA256

      818a5e07a848ec39dfb51d2c14d68b45ae8f9e03adc6098233d4b231d61495a1

    • SHA512

      0fcf5a36e205eac639cd3c870b5c35926bbd0d90954e451567ce2cf730633be20c3067b4da44ee38ff24ef1f1d8d04dbfb8f35f2a48ea2e45a93b8884eb2f79a

    • SSDEEP

      1536:71LnzviO5zQGDCIjpNV9ImLTXO5LYX205vTK7BR9L4DT2EnINs:xz6u/x3qwzxK6+ob

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks