Overview

overview

10

Static

static

3

c79b0c7e8e...3N.exe

windows7-x64

10

c79b0c7e8e...3N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    c79b0c7e8e40969e94f7573cf958c16835e27f907c6fc18a6c1eb0d449a287a3N

  • Size

    108KB

  • Sample

    240930-qpm3paxflp

  • MD5

    f6fb608831fd8ee37cef1574a77a5d20

  • SHA1

    b75abdbf365a96eff1e6bea10814d0313752f29b

  • SHA256

    c79b0c7e8e40969e94f7573cf958c16835e27f907c6fc18a6c1eb0d449a287a3

  • SHA512

    7a166125d48eae7985c8d3c2bc7a1af8aec4f30494bb36d2a414282f3fb71c9ae4c32756c8e573e1c812a7bc242232ef2bad5e3e2b5e05e3fb5f91aa9d8172f9

  • SSDEEP

    3072:dgrco92TLX8xNMeCQLfRFcFmKcUsvKwF:dABNTCyJUs

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c79b0c7e8e40969e94f7573cf958c16835e27f907c6fc18a6c1eb0d449a287a3N

    • Size

      108KB

    • MD5

      f6fb608831fd8ee37cef1574a77a5d20

    • SHA1

      b75abdbf365a96eff1e6bea10814d0313752f29b

    • SHA256

      c79b0c7e8e40969e94f7573cf958c16835e27f907c6fc18a6c1eb0d449a287a3

    • SHA512

      7a166125d48eae7985c8d3c2bc7a1af8aec4f30494bb36d2a414282f3fb71c9ae4c32756c8e573e1c812a7bc242232ef2bad5e3e2b5e05e3fb5f91aa9d8172f9

    • SSDEEP

      3072:dgrco92TLX8xNMeCQLfRFcFmKcUsvKwF:dABNTCyJUs

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks