Overview

overview

10

Static

static

3

a8cfec1ae5...bN.exe

windows7-x64

10

a8cfec1ae5...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a8cfec1ae5572d42ef646345fafebea3be6b93a8f8dfedff3885b81e3ea74a1bN

  • Size

    74KB

  • Sample

    240929-mj5trszgjq

  • MD5

    45e43d13cd8d268448a1cb854957b460

  • SHA1

    1e84570608cfcf428cb42e6b95770696bcc72650

  • SHA256

    a8cfec1ae5572d42ef646345fafebea3be6b93a8f8dfedff3885b81e3ea74a1b

  • SHA512

    547e1152538c5c6930434edf130afffd45db45f67947e4d40262e5b02dd52e01189925b4ab9615d227a8bed5b0edc4a0563ec854bc2c365469929f8c0ee9f774

  • SSDEEP

    1536:JKjteUouA94NQaPGOWeBHl8GKLgNMdeC1K:MnQghlHqG9MdxK

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a8cfec1ae5572d42ef646345fafebea3be6b93a8f8dfedff3885b81e3ea74a1bN

    • Size

      74KB

    • MD5

      45e43d13cd8d268448a1cb854957b460

    • SHA1

      1e84570608cfcf428cb42e6b95770696bcc72650

    • SHA256

      a8cfec1ae5572d42ef646345fafebea3be6b93a8f8dfedff3885b81e3ea74a1b

    • SHA512

      547e1152538c5c6930434edf130afffd45db45f67947e4d40262e5b02dd52e01189925b4ab9615d227a8bed5b0edc4a0563ec854bc2c365469929f8c0ee9f774

    • SSDEEP

      1536:JKjteUouA94NQaPGOWeBHl8GKLgNMdeC1K:MnQghlHqG9MdxK

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks