Overview

overview

10

Static

static

3

b6826350ca...3N.exe

windows7-x64

10

b6826350ca...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6826350ca93015456a762553239de3ba109c0cd87d528ac8704cfcd7c251293N

  • Size

    121KB

  • Sample

    240930-p19kdswdlk

  • MD5

    a5dc397f5a3761d96eb3936987d61350

  • SHA1

    7cbac95b462bad30b12b1cdbc1d6872f5edfebdd

  • SHA256

    b6826350ca93015456a762553239de3ba109c0cd87d528ac8704cfcd7c251293

  • SHA512

    0c2613b7925536d7e79cf4b4b233350b2dd3f75e156fd9fcb89e7a5dfa5361f997d21f68e4aee13bdd5349449503f024016188bcd5e80d64b8658d3c644ab440

  • SSDEEP

    3072:Qeu850vHa+LAoN0yPQBMK/G4O7AJnD5tvv:cv6+LAoN0kK/G4Oarvv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b6826350ca93015456a762553239de3ba109c0cd87d528ac8704cfcd7c251293N

    • Size

      121KB

    • MD5

      a5dc397f5a3761d96eb3936987d61350

    • SHA1

      7cbac95b462bad30b12b1cdbc1d6872f5edfebdd

    • SHA256

      b6826350ca93015456a762553239de3ba109c0cd87d528ac8704cfcd7c251293

    • SHA512

      0c2613b7925536d7e79cf4b4b233350b2dd3f75e156fd9fcb89e7a5dfa5361f997d21f68e4aee13bdd5349449503f024016188bcd5e80d64b8658d3c644ab440

    • SSDEEP

      3072:Qeu850vHa+LAoN0yPQBMK/G4O7AJnD5tvv:cv6+LAoN0kK/G4Oarvv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks