General

  • Target

    49cf35bf82b2c54df37d61eb9bbafba2400aef26c81b8423c6a92882e65b3838N

  • Size

    205KB

  • Sample

    240928-djsprswdrg

  • MD5

    babe3e257a95046f95f0317d09937970

  • SHA1

    def89a998803d02a45e59d5bc2fc05fab5780d9e

  • SHA256

    49cf35bf82b2c54df37d61eb9bbafba2400aef26c81b8423c6a92882e65b3838

  • SHA512

    3e331c87ad66e359476ef4681a9067900d3ffe77eec679d0b4b34f7a889a003cfb8e9e56b6620c091ea0e6959a05a18cfc4ba10fde408e7be76e06937a922486

  • SSDEEP

    6144:/6XDLR/Y1j1GyZ6YugQdjGG1wsKm6eBgdQbz:CZg1hGyXu1jGG1wsGeBg8

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      49cf35bf82b2c54df37d61eb9bbafba2400aef26c81b8423c6a92882e65b3838N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
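The report gives two things a responder can act on directly: the sample's digests and the extracted C2 paths, the last of which is a printf-style format string that the backdoor fills in before beaconing. The following Python is an added example, not part of the sandbox report, showing how to turn both into checks: it compares an arbitrary file's MD5/SHA1/SHA256/SHA512 against the report's values, and it compiles each extracted path into a regular expression (each printf conversion mapped to a digit or token class, on the assumption that `%s` fields contain no `:` because `:` is the separator in the format) and runs it over a small proxy log. The log lines, their layout, the client addresses and the beacon field values are all constructed for the example; the report says nothing about what the real beacon fields contain.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Hashes copied from the report above; the sample itself is not included here.
REPORT_HASHES = {
    "md5": "babe3e257a95046f95f0317d09937970",
    "sha1": "def89a998803d02a45e59d5bc2fc05fab5780d9e",
    "sha256": "49cf35bf82b2c54df37d61eb9bbafba2400aef26c81b8423c6a92882e65b3838",
    "sha512": "3e331c87ad66e359476ef4681a9067900d3ffe77eec679d0b4b34f7a889a003c"
              "fb8e9e56b6620c091ea0e6959a05a18cfc4ba10fde408e7be76e06937a922486",
}

# C2 paths exactly as extracted from the sample's config. The config host is the
# placeholder "f", so detection keys on path and query, not on the host.
C2_PATHS = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, iocs: dict = REPORT_HASHES) -> list:
    """Names of the digests under which `data` equals the report's sample."""
    digests = hash_bytes(data)
    return [name for name, value in iocs.items() if digests.get(name) == value]


# printf conversions present in the extracted beacon URL, mapped to regex fragments.
# Assumption: %s fields carry no ':' since ':' is the field separator in the format.
_CONVERSIONS = {
    "%s": r"[^:\s]*",
    "%i": r"-?\d+",
    "%09u": r"\d{9}",
    "%02d": r"\d{2}",
}


def format_to_regex(fmt: str) -> str:
    """Escape the literal parts of a printf-style C2 path and replace each
    conversion with its fragment from _CONVERSIONS."""
    out, pos = [], 0
    for m in re.finditer(r"%0?\d*[sdiu]", fmt):
        out.append(re.escape(fmt[pos:m.start()]))
        out.append(_CONVERSIONS[m.group(0)])   # unknown spec -> KeyError, on purpose
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return "".join(out)


C2_PATTERNS = [(p, re.compile(format_to_regex(p))) for p in C2_PATHS]


def url_path_query(url: str) -> str:
    """Path plus query of a URL, the part the C2 patterns are written against."""
    u = urlsplit(url)
    return u.path + ("?" + u.query if u.query else "")


def scan_proxy_log(lines) -> list:
    """Match each request URL against the C2 patterns.
    Line layout (constructed for this example):
        <epoch> <client-ip> <method> <url> <status>
    Returns one (client_ip, matched_c2_path) tuple per hit."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        target = url_path_query(parts[3])
        for c2_path, pattern in C2_PATTERNS:
            if pattern.fullmatch(target):
                hits.append((parts[1], c2_path))
                break
    return hits


# Constructed proxy log: a well-formed piplog.php beacon, a benign request,
# a wcmd.htm poll, and a piplog.php request whose query does not fit the format.
SAMPLE_LOG = """\
1727500000.123 10.0.0.5 GET http://198.51.100.7/piplog.php?WIN-ABC123:1:0:admin:000012345:7:12:34:56 200
1727500001.456 10.0.0.5 GET http://198.51.100.7/index.html 200
1727500002.789 10.0.0.9 GET http://198.51.100.7/wcmd.htm 404
1727500003.000 10.0.0.9 GET http://198.51.100.7/piplog.php?not-the-format 200
""".splitlines()

if __name__ == "__main__":
    for client, c2_path in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {c2_path}")
    print("constructed bytes match report:", matches_report(b"not the sample"))
```

Matching on the full query shape rather than on `piplog.php` alone is what keeps the last log line out of the hit list; a plain path match would flag it. In a real deployment the hash check should run over every dropped EXE and DLL the report mentions, since the sample's own hashes only identify the initial file, not what it writes to System32.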
