Overview

overview

10

Static

static

3

6911d5ad85...dN.exe

windows7-x64

10

6911d5ad85...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6911d5ad85547990e5f0299c431a0f392fcee2b517b628a119a2c7a344c2a3fdN

  • Size

    72KB

  • Sample

    240930-18cq6sxgjm

  • MD5

    dfd80d685b9c7fdf3089e0b4de95d280

  • SHA1

    7c186423642f99f0c61658d822c062391ca0cc83

  • SHA256

    6911d5ad85547990e5f0299c431a0f392fcee2b517b628a119a2c7a344c2a3fd

  • SHA512

    fd7de772547da17b1e4c4b04c255374d7f4d941be9320b87884727d9d2297f25b649c72c6d94b53a36f3a6db90a4c49223576ca4ed7a50be9e0224af1b7c05b5

  • SSDEEP

    1536:ZwDSXPlhXep8t+gwJm3df7DwJsRm3ZleaL0s8WOxFyOex:SS/TPHf7DqzPOxqx

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6911d5ad85547990e5f0299c431a0f392fcee2b517b628a119a2c7a344c2a3fdN

    • Size

      72KB

    • MD5

      dfd80d685b9c7fdf3089e0b4de95d280

    • SHA1

      7c186423642f99f0c61658d822c062391ca0cc83

    • SHA256

      6911d5ad85547990e5f0299c431a0f392fcee2b517b628a119a2c7a344c2a3fd

    • SHA512

      fd7de772547da17b1e4c4b04c255374d7f4d941be9320b87884727d9d2297f25b649c72c6d94b53a36f3a6db90a4c49223576ca4ed7a50be9e0224af1b7c05b5

    • SSDEEP

      1536:ZwDSXPlhXep8t+gwJm3df7DwJsRm3ZleaL0s8WOxFyOex:SS/TPHf7DqzPOxqx

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks