Overview

overview

10

Static

static

3

cd859a3189...5N.exe

windows7-x64

10

cd859a3189...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cd859a31890b00e3ff17effcf6d9bd7a884e9b8becb2b1de85c727d253697285N

  • Size

    96KB

  • Sample

    240919-dsy8xayaka

  • MD5

    cf1a1ec1b39db87e5cc49fd9edd448d0

  • SHA1

    e162c3861f5286ff39b5e9d1a00b57c87db8f4c6

  • SHA256

    cd859a31890b00e3ff17effcf6d9bd7a884e9b8becb2b1de85c727d253697285

  • SHA512

    cec2609c03866c1343729af4235dfc789fc2f0bb22f6f1cb6d3a4f7a1dc0381b74132ac400a35e63abba249bc8bfb844d1d34590bf493b5d87b0aa195bb160ac

  • SSDEEP

    1536:OWMmtrhcX1bPiNV7Uf2oZDI5b/xtjfh4GO42zrI2r6dNU7SrO9duV9jojTIvjrH:3M+r+lb68f2yI5b/xtjfh4GV2nI2r6Ld

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      cd859a31890b00e3ff17effcf6d9bd7a884e9b8becb2b1de85c727d253697285N

    • Size

      96KB

    • MD5

      cf1a1ec1b39db87e5cc49fd9edd448d0

    • SHA1

      e162c3861f5286ff39b5e9d1a00b57c87db8f4c6

    • SHA256

      cd859a31890b00e3ff17effcf6d9bd7a884e9b8becb2b1de85c727d253697285

    • SHA512

      cec2609c03866c1343729af4235dfc789fc2f0bb22f6f1cb6d3a4f7a1dc0381b74132ac400a35e63abba249bc8bfb844d1d34590bf493b5d87b0aa195bb160ac

    • SSDEEP

      1536:OWMmtrhcX1bPiNV7Uf2oZDI5b/xtjfh4GO42zrI2r6dNU7SrO9duV9jojTIvjrH:3M+r+lb68f2yI5b/xtjfh4GV2nI2r6Ld

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks