Overview

overview

10

Static

static

3

ddcce1160f...f0.exe

windows7-x64

10

ddcce1160f...f0.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ddcce1160ff6c28a8565940fb9dc3a82d7cc0481272b01d3f1141670cfb7f2f0

  • Size

    100KB

  • Sample

    240929-d6wpyaycrp

  • MD5

    e5565a6950692c3fe5e982d430ec7f42

  • SHA1

    f39efb76c61414ca92142c3ff0ef188f748a26c5

  • SHA256

    ddcce1160ff6c28a8565940fb9dc3a82d7cc0481272b01d3f1141670cfb7f2f0

  • SHA512

    d4e1dcc6ab4bdc71e03845ea874d52014dda1cceb48b2e200eebf2298ca88fa4ce9cf7434d0ecf9ab546ad9f586e6f74f87718b631e7e78e2113819b363a7853

  • SSDEEP

    1536:BG8YAQC6hmHg1D5idsID+OqataawCzfF7D3h9UjOgHFgblQQa3+om13XRzT:Y8YyjgV5QTL39hOlgb3a3+X13XRzT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ddcce1160ff6c28a8565940fb9dc3a82d7cc0481272b01d3f1141670cfb7f2f0

    • Size

      100KB

    • MD5

      e5565a6950692c3fe5e982d430ec7f42

    • SHA1

      f39efb76c61414ca92142c3ff0ef188f748a26c5

    • SHA256

      ddcce1160ff6c28a8565940fb9dc3a82d7cc0481272b01d3f1141670cfb7f2f0

    • SHA512

      d4e1dcc6ab4bdc71e03845ea874d52014dda1cceb48b2e200eebf2298ca88fa4ce9cf7434d0ecf9ab546ad9f586e6f74f87718b631e7e78e2113819b363a7853

    • SSDEEP

      1536:BG8YAQC6hmHg1D5idsID+OqataawCzfF7D3h9UjOgHFgblQQa3+om13XRzT:Y8YyjgV5QTL39hOlgb3a3+X13XRzT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks