Overview

overview

10

Static

static

3

3c23c979ca...2N.exe

windows7-x64

10

3c23c979ca...2N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c23c979ca1fe79ead99a6d82ad4eb3c1cfc2da05684bb80f50cb8938b49eb32N

  • Size

    565KB

  • Sample

    240919-yjkpdaxbmd

  • MD5

    a441601088c931cf67f4ceac2f1481a0

  • SHA1

    f980df1ec1ffdd736a8f6ad7d2cf927aee5bd0f6

  • SHA256

    3c23c979ca1fe79ead99a6d82ad4eb3c1cfc2da05684bb80f50cb8938b49eb32

  • SHA512

    248dd93c0523d2c156381de1d403ee973f048fd983ed783354b778d9d3a51ec5ab894ec849d20a5d9bfed318363fedff79942f2d39c53fd9b803356f5bb2009f

  • SSDEEP

    12288:tfjsVV7dtuFjAh//+zrWAIAqWim/+zrWAI5KF8OX:t7yXtuFjAh/mvFimm09OX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3c23c979ca1fe79ead99a6d82ad4eb3c1cfc2da05684bb80f50cb8938b49eb32N

    • Size

      565KB

    • MD5

      a441601088c931cf67f4ceac2f1481a0

    • SHA1

      f980df1ec1ffdd736a8f6ad7d2cf927aee5bd0f6

    • SHA256

      3c23c979ca1fe79ead99a6d82ad4eb3c1cfc2da05684bb80f50cb8938b49eb32

    • SHA512

      248dd93c0523d2c156381de1d403ee973f048fd983ed783354b778d9d3a51ec5ab894ec849d20a5d9bfed318363fedff79942f2d39c53fd9b803356f5bb2009f

    • SSDEEP

      12288:tfjsVV7dtuFjAh//+zrWAIAqWim/+zrWAI5KF8OX:t7yXtuFjAh/mvFimm09OX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks