Overview

overview

10

Static

static

3

23418af172...fN.exe

windows7-x64

10

23418af172...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23418af1728a6cbcf78705b17f654bd4d749295b1a2d4eb345bb884f5f087e6fN

  • Size

    90KB

  • Sample

    240919-gxexlsvcnp

  • MD5

    fe8b21c888baac86027f88c9f6670f00

  • SHA1

    3f26adcad46b396193e5e3f493848957340a2688

  • SHA256

    23418af1728a6cbcf78705b17f654bd4d749295b1a2d4eb345bb884f5f087e6f

  • SHA512

    e302ddfc6137642f40a209ba94b6538e22a38884a4e5e4aaac51901af0227955910b14992cd5a987521378d718d3a3de0a1ecf15bd022ce7808c583b0fa045e5

  • SSDEEP

    768:cpEp4cn7hzaMKR2PgG4PiDI/iYVqgYjJ+vAlOmybiVN2OmvDPBf53fm4PNiHwKGv:0uRAMKMqY3UbJtrK6OZoGdu/Ub0VkVNK

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      23418af1728a6cbcf78705b17f654bd4d749295b1a2d4eb345bb884f5f087e6fN

    • Size

      90KB

    • MD5

      fe8b21c888baac86027f88c9f6670f00

    • SHA1

      3f26adcad46b396193e5e3f493848957340a2688

    • SHA256

      23418af1728a6cbcf78705b17f654bd4d749295b1a2d4eb345bb884f5f087e6f

    • SHA512

      e302ddfc6137642f40a209ba94b6538e22a38884a4e5e4aaac51901af0227955910b14992cd5a987521378d718d3a3de0a1ecf15bd022ce7808c583b0fa045e5

    • SSDEEP

      768:cpEp4cn7hzaMKR2PgG4PiDI/iYVqgYjJ+vAlOmybiVN2OmvDPBf53fm4PNiHwKGv:0uRAMKMqY3UbJtrK6OZoGdu/Ub0VkVNK

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks