Overview

overview

10

Static

static

3

14d3624c0f...e0.exe

windows7-x64

10

14d3624c0f...e0.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    14d3624c0ffadbc06d1864ccd8314b21f428fc6b21077a08be0363803637dde0

  • Size

    296KB

  • Sample

    240921-xgv7naxena

  • MD5

    c430d3dad94420b2dc90544c24e4c39d

  • SHA1

    c99677a1c657557cb2bb00edec5c0409fd55a0cb

  • SHA256

    14d3624c0ffadbc06d1864ccd8314b21f428fc6b21077a08be0363803637dde0

  • SHA512

    859610c3535ae446dac98bb64c04b3ee84417b48e54f50893e36153430881912c3612c04754b469d83c4f5852214f518e34741f32d7b0f1bf8a055c2851bd3dc

  • SSDEEP

    3072:BV4Q0ZiFqZ+AQsg6ARA1+6NhZ6P0c9fpxg6pg:0iPASANPKG6g

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      14d3624c0ffadbc06d1864ccd8314b21f428fc6b21077a08be0363803637dde0

    • Size

      296KB

    • MD5

      c430d3dad94420b2dc90544c24e4c39d

    • SHA1

      c99677a1c657557cb2bb00edec5c0409fd55a0cb

    • SHA256

      14d3624c0ffadbc06d1864ccd8314b21f428fc6b21077a08be0363803637dde0

    • SHA512

      859610c3535ae446dac98bb64c04b3ee84417b48e54f50893e36153430881912c3612c04754b469d83c4f5852214f518e34741f32d7b0f1bf8a055c2851bd3dc

    • SSDEEP

      3072:BV4Q0ZiFqZ+AQsg6ARA1+6NhZ6P0c9fpxg6pg:0iPASANPKG6g

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks