Overview

overview

10

Static

static

3

956019b4d2...3N.exe

windows7-x64

10

956019b4d2...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    956019b4d2157f925f3bac83ab48e0358037a6618c60dbcb55b6b08454aac343N

  • Size

    512KB

  • Sample

    240930-fmfkqaygpn

  • MD5

    ceb7dade2813bac83fb1da2dac70b2e0

  • SHA1

    088de903763a18baa212e4761e3443a3fece2458

  • SHA256

    956019b4d2157f925f3bac83ab48e0358037a6618c60dbcb55b6b08454aac343

  • SHA512

    259e10ceaf14ab26c7b952101e42b9657148e8823ee61ba862352add6850792e94806568c3ff50ae57d15f5047b711dc0c80e3bc161356547b0314f623bb2e29

  • SSDEEP

    12288:4qyBReRmkY660fIaDZkY660f8jTK/Xhdz:4VeRmgsaDZgQjGf

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      956019b4d2157f925f3bac83ab48e0358037a6618c60dbcb55b6b08454aac343N

    • Size

      512KB

    • MD5

      ceb7dade2813bac83fb1da2dac70b2e0

    • SHA1

      088de903763a18baa212e4761e3443a3fece2458

    • SHA256

      956019b4d2157f925f3bac83ab48e0358037a6618c60dbcb55b6b08454aac343

    • SHA512

      259e10ceaf14ab26c7b952101e42b9657148e8823ee61ba862352add6850792e94806568c3ff50ae57d15f5047b711dc0c80e3bc161356547b0314f623bb2e29

    • SSDEEP

      12288:4qyBReRmkY660fIaDZkY660f8jTK/Xhdz:4VeRmgsaDZgQjGf

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks