Overview

overview

10

Static

static

10

cc88c98bca...9N.exe

windows7-x64

10

cc88c98bca...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc88c98bca4325c48e1c32ed1eb4aef0fef6a39a2a1ad334a5094898f15467e9N

  • Size

    104KB

  • Sample

    240919-ggjkvstflp

  • MD5

    58f160e9ccfea0c762c8e581b979bd70

  • SHA1

    e21b871fe86d40b77ca6f2ad57a67271151bb32a

  • SHA256

    cc88c98bca4325c48e1c32ed1eb4aef0fef6a39a2a1ad334a5094898f15467e9

  • SHA512

    351a0301694857875a557c23cc14b0353b362bd52efbd544c0cbb000493b2fb3dfc6acff7917833e7a34de6163e4224873afdd686d248d50c388ab8a7045868c

  • SSDEEP

    1536:SrEQG/2Y8RvouEU9ngU6vfWfhunUbCPGlFHflqsrnxqRVkeyyVr3iwcH2ogHq/ir:gEQG0VNavOfh/5HfVk3kremwc/gHq/e

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      cc88c98bca4325c48e1c32ed1eb4aef0fef6a39a2a1ad334a5094898f15467e9N

    • Size

      104KB

    • MD5

      58f160e9ccfea0c762c8e581b979bd70

    • SHA1

      e21b871fe86d40b77ca6f2ad57a67271151bb32a

    • SHA256

      cc88c98bca4325c48e1c32ed1eb4aef0fef6a39a2a1ad334a5094898f15467e9

    • SHA512

      351a0301694857875a557c23cc14b0353b362bd52efbd544c0cbb000493b2fb3dfc6acff7917833e7a34de6163e4224873afdd686d248d50c388ab8a7045868c

    • SSDEEP

      1536:SrEQG/2Y8RvouEU9ngU6vfWfhunUbCPGlFHflqsrnxqRVkeyyVr3iwcH2ogHq/ir:gEQG0VNavOfh/5HfVk3kremwc/gHq/e

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks