Overview

overview

10

Static

static

3

3b9c1ff272...7N.exe

windows7-x64

10

3b9c1ff272...7N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3b9c1ff272df4a7ab2d607d56c5a19111b07b3d7b5a3f9dec347ec4f9d5cebd7N

  • Size

    93KB

  • Sample

    240921-m6hbzsyhmk

  • MD5

    69863302568038ccda77d774e1b1bcd0

  • SHA1

    b34f90c4037d4dcfd91f243546db5256c4716efe

  • SHA256

    3b9c1ff272df4a7ab2d607d56c5a19111b07b3d7b5a3f9dec347ec4f9d5cebd7

  • SHA512

    fc1dacbd07f1d9727c3793510eb904d825124aa9a37338ac16f35ed278ef745bd13c920c19e0d8466808ee312716a47696fe12bbf2f7f975cb605b9e48cc5b27

  • SSDEEP

    1536:QV7BP14i++qYC7dqX/0Amc4GKOaj59TnPPAPEddXE2QTR57UqdLoXR4TXjiwg58:2+i+kCsX/d4Gl2MUkLoXKvY58

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3b9c1ff272df4a7ab2d607d56c5a19111b07b3d7b5a3f9dec347ec4f9d5cebd7N

    • Size

      93KB

    • MD5

      69863302568038ccda77d774e1b1bcd0

    • SHA1

      b34f90c4037d4dcfd91f243546db5256c4716efe

    • SHA256

      3b9c1ff272df4a7ab2d607d56c5a19111b07b3d7b5a3f9dec347ec4f9d5cebd7

    • SHA512

      fc1dacbd07f1d9727c3793510eb904d825124aa9a37338ac16f35ed278ef745bd13c920c19e0d8466808ee312716a47696fe12bbf2f7f975cb605b9e48cc5b27

    • SSDEEP

      1536:QV7BP14i++qYC7dqX/0Amc4GKOaj59TnPPAPEddXE2QTR57UqdLoXR4TXjiwg58:2+i+kCsX/d4Gl2MUkLoXKvY58

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks