Overview

overview

10

Static

static

3

23a1841893...bN.exe

windows7-x64

10

23a1841893...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23a1841893e674af6020389e4cb528057702d39f8173b0cef810ee76d5a9dfbbN

  • Size

    136KB

  • Sample

    240927-1etgtsshna

  • MD5

    cd009113519b87e7c61b2c3eb33c2b30

  • SHA1

    bb84f80106ad73a7cc22c4c839dca278805856c2

  • SHA256

    23a1841893e674af6020389e4cb528057702d39f8173b0cef810ee76d5a9dfbb

  • SHA512

    c624b8e5fcb4ec8810dcefdc8740cf19afcf91092805d368ef617f5793eb92e8e3a695e99efe136fcdb54a172264e8e51e5f67bc68a2aeb523c8ee42853a4801

  • SSDEEP

    1536:Giz6GvSKN645+GENRHr29n9+WolSbLaHFNqh31yCgXpGejz0cZ44mjD9r823FQ7N:NRZn5aRHUT4FNq11Ap6i/mjRrz3OT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      23a1841893e674af6020389e4cb528057702d39f8173b0cef810ee76d5a9dfbbN

    • Size

      136KB

    • MD5

      cd009113519b87e7c61b2c3eb33c2b30

    • SHA1

      bb84f80106ad73a7cc22c4c839dca278805856c2

    • SHA256

      23a1841893e674af6020389e4cb528057702d39f8173b0cef810ee76d5a9dfbb

    • SHA512

      c624b8e5fcb4ec8810dcefdc8740cf19afcf91092805d368ef617f5793eb92e8e3a695e99efe136fcdb54a172264e8e51e5f67bc68a2aeb523c8ee42853a4801

    • SSDEEP

      1536:Giz6GvSKN645+GENRHr29n9+WolSbLaHFNqh31yCgXpGejz0cZ44mjD9r823FQ7N:NRZn5aRHUT4FNq11Ap6i/mjRrz3OT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks