Overview

overview

10

Static

static

3

39bc8cb2ba...7N.exe

windows7-x64

10

39bc8cb2ba...7N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    39bc8cb2ba3b9a32b798732449e0ba5ac459d60dc0ae9623f973bf53ae457807N

  • Size

    90KB

  • Sample

    240930-trkl5aycpf

  • MD5

    c9fdbb531f7d41a5316d97e8a02d9c90

  • SHA1

    ac40fda1d0b69ed32fcba7bf06bada15c092f922

  • SHA256

    39bc8cb2ba3b9a32b798732449e0ba5ac459d60dc0ae9623f973bf53ae457807

  • SHA512

    539f9329ca75db09b2d1c19f218f0e9eda7ace10392575ce4b4af08311da78b137103f9ecff278728222ff84774d7e3fc95ef36a02b6c38bfabd8a62cebea0d9

  • SSDEEP

    1536:HdHMP824vaQGSM46qCGop2MRbqT9D7JyGySu/Ub0VkVNK:9sPH4CHSM46qIptRU9D78GRu/Ub0+NK

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      39bc8cb2ba3b9a32b798732449e0ba5ac459d60dc0ae9623f973bf53ae457807N

    • Size

      90KB

    • MD5

      c9fdbb531f7d41a5316d97e8a02d9c90

    • SHA1

      ac40fda1d0b69ed32fcba7bf06bada15c092f922

    • SHA256

      39bc8cb2ba3b9a32b798732449e0ba5ac459d60dc0ae9623f973bf53ae457807

    • SHA512

      539f9329ca75db09b2d1c19f218f0e9eda7ace10392575ce4b4af08311da78b137103f9ecff278728222ff84774d7e3fc95ef36a02b6c38bfabd8a62cebea0d9

    • SSDEEP

      1536:HdHMP824vaQGSM46qCGop2MRbqT9D7JyGySu/Ub0VkVNK:9sPH4CHSM46qIptRU9D78GRu/Ub0+NK

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks