Overview

overview

10

Static

static

3

477b84440e...2N.exe

windows7-x64

10

477b84440e...2N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    477b84440ef50da170e0382b620c009c2eb379fe6bc8053be1e5cb8d224c8792N

  • Size

    80KB

  • Sample

    240927-n21hfatejb

  • MD5

    9a2e1d63e3cfb346df9aae929e58cbe0

  • SHA1

    8f20027a12dddf99087f98409bc83cb5155f193e

  • SHA256

    477b84440ef50da170e0382b620c009c2eb379fe6bc8053be1e5cb8d224c8792

  • SHA512

    adc99794d91afa45c0e038880d2494afce960278f70f3ea7e27d130fe85dc3bdfa30af9cd00843636b436123fb7ec4d75c5593c1d1f57e42b562d12e53e1dfa8

  • SSDEEP

    1536:mY+hIGthuG6TZlDtS2pHak7DxD6po9R+DLFq6wixGqp8Mn4yQE5VFeJuqnhCN:ZcX69dtS2pHak7lL+DL86wixGvM8EDFx

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      477b84440ef50da170e0382b620c009c2eb379fe6bc8053be1e5cb8d224c8792N

    • Size

      80KB

    • MD5

      9a2e1d63e3cfb346df9aae929e58cbe0

    • SHA1

      8f20027a12dddf99087f98409bc83cb5155f193e

    • SHA256

      477b84440ef50da170e0382b620c009c2eb379fe6bc8053be1e5cb8d224c8792

    • SHA512

      adc99794d91afa45c0e038880d2494afce960278f70f3ea7e27d130fe85dc3bdfa30af9cd00843636b436123fb7ec4d75c5593c1d1f57e42b562d12e53e1dfa8

    • SSDEEP

      1536:mY+hIGthuG6TZlDtS2pHak7DxD6po9R+DLFq6wixGqp8Mn4yQE5VFeJuqnhCN:ZcX69dtS2pHak7lL+DL86wixGvM8EDFx

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks