Overview

overview

10

Static

static

3

91f97a7d55...6N.exe

windows7-x64

10

91f97a7d55...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    91f97a7d558bf94ebb16d7f02a8401ba0a5409627309970241c48d3238a89f16N

  • Size

    80KB

  • Sample

    240930-hqw3zs1flp

  • MD5

    ad54348d71902d70050df383a7c81280

  • SHA1

    ae595eef954cc803aa3adb3ed55932f54be26980

  • SHA256

    91f97a7d558bf94ebb16d7f02a8401ba0a5409627309970241c48d3238a89f16

  • SHA512

    98a22afdc2045bf37b3dda8b6be6f960af3a1c939de1f38867e280b3d2c3b1dd34a604db5b3d8eb4d0452bdef69ec240a3d76d6f773dbfb66cb219493467d68c

  • SSDEEP

    1536:Dzk1sT4O9Ox+yrLHcF4hJq8XlPiacBubLHG+FeJuqnhCN:/AsTGxfrL8FQ/XlPKBum+FeJLCN

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      91f97a7d558bf94ebb16d7f02a8401ba0a5409627309970241c48d3238a89f16N

    • Size

      80KB

    • MD5

      ad54348d71902d70050df383a7c81280

    • SHA1

      ae595eef954cc803aa3adb3ed55932f54be26980

    • SHA256

      91f97a7d558bf94ebb16d7f02a8401ba0a5409627309970241c48d3238a89f16

    • SHA512

      98a22afdc2045bf37b3dda8b6be6f960af3a1c939de1f38867e280b3d2c3b1dd34a604db5b3d8eb4d0452bdef69ec240a3d76d6f773dbfb66cb219493467d68c

    • SSDEEP

      1536:Dzk1sT4O9Ox+yrLHcF4hJq8XlPiacBubLHG+FeJuqnhCN:/AsTGxfrL8FQ/XlPKBum+FeJLCN

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks