Overview

overview

10

Static

static

10

14669d1fb0...bN.exe

windows7-x64

10

14669d1fb0...bN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    14669d1fb06d021a19e4df85e0bd3cda1a2b1b0e6f9a565ea3d38c9af2fe9e3bN

  • Size

    123KB

  • Sample

    240927-qln6ksthqj

  • MD5

    819d75ad84387381922d7c108c836150

  • SHA1

    2e6f4d72b7e0ec284cedbab7453e421b3f8167b4

  • SHA256

    14669d1fb06d021a19e4df85e0bd3cda1a2b1b0e6f9a565ea3d38c9af2fe9e3b

  • SHA512

    7f42367d1f7d19447328e04e72731aa2f0fe6b693802ce80891376f7b166fc06ab1493ebbf4cc6ae701ed869f039ea8091fb343f5e7ac08c40f77f94eb6cbbfb

  • SSDEEP

    3072:qol7FOOJLWeIrubbTSGbYxRYSa9rR85DEn5k7rRr:qG0LrmXWx4rQD85k/Rr

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      14669d1fb06d021a19e4df85e0bd3cda1a2b1b0e6f9a565ea3d38c9af2fe9e3bN

    • Size

      123KB

    • MD5

      819d75ad84387381922d7c108c836150

    • SHA1

      2e6f4d72b7e0ec284cedbab7453e421b3f8167b4

    • SHA256

      14669d1fb06d021a19e4df85e0bd3cda1a2b1b0e6f9a565ea3d38c9af2fe9e3b

    • SHA512

      7f42367d1f7d19447328e04e72731aa2f0fe6b693802ce80891376f7b166fc06ab1493ebbf4cc6ae701ed869f039ea8091fb343f5e7ac08c40f77f94eb6cbbfb

    • SSDEEP

      3072:qol7FOOJLWeIrubbTSGbYxRYSa9rR85DEn5k7rRr:qG0LrmXWx4rQD85k/Rr

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks