Overview

overview

10

Static

static

10

6218cecf4d...5N.exe

windows7-x64

10

6218cecf4d...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6218cecf4dac616db65b1ec73fae383f80c9c06c4f5102ecd945dd25d159c525N

  • Size

    160KB

  • Sample

    240919-g1p7ravbme

  • MD5

    afe73a30b698ee3e85bc0d9e559abbb0

  • SHA1

    eb2d43003911b17c4794f3addb1690651779d3e2

  • SHA256

    6218cecf4dac616db65b1ec73fae383f80c9c06c4f5102ecd945dd25d159c525

  • SHA512

    065256205a188c6679a19fc25afe328f1b72d38ded5848c17365b9e465d4e2921c5df999de1acbaf471517233a16bd55fb34034aad534c13500fcdc1ed5d4999

  • SSDEEP

    3072:KuqVe6WE9ZgHTZfbhIwIgb3a3+X13XRzrgHq/Wp+YmKfxgQdxvr:KoU6TFF7aOl3BzrUmKyIxT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6218cecf4dac616db65b1ec73fae383f80c9c06c4f5102ecd945dd25d159c525N

    • Size

      160KB

    • MD5

      afe73a30b698ee3e85bc0d9e559abbb0

    • SHA1

      eb2d43003911b17c4794f3addb1690651779d3e2

    • SHA256

      6218cecf4dac616db65b1ec73fae383f80c9c06c4f5102ecd945dd25d159c525

    • SHA512

      065256205a188c6679a19fc25afe328f1b72d38ded5848c17365b9e465d4e2921c5df999de1acbaf471517233a16bd55fb34034aad534c13500fcdc1ed5d4999

    • SSDEEP

      3072:KuqVe6WE9ZgHTZfbhIwIgb3a3+X13XRzrgHq/Wp+YmKfxgQdxvr:KoU6TFF7aOl3BzrUmKyIxT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks