Overview

overview

10

Static

static

3

1524a0ce2d...bN.exe

windows7-x64

10

1524a0ce2d...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1524a0ce2de9e712fe5b05275209e58365ea3447377f12fcbc8ff1d8d52223bbN

  • Size

    96KB

  • Sample

    241001-gdd6zaxdqb

  • MD5

    70e3a68bd7ea8b835356247cac3c03d0

  • SHA1

    239163b315e8fce134a2acfbf5416326c073f8f7

  • SHA256

    1524a0ce2de9e712fe5b05275209e58365ea3447377f12fcbc8ff1d8d52223bb

  • SHA512

    73d87f6e9f77ef9393626b4e42ab06ecaa2ad3d3b719d9d7aecca56d36fdf81ee17f9000d6aa8fb1c4b057096871d1080efc3e00b77a1c8dc21d3ce5859a5fad

  • SSDEEP

    1536:e4aDTZF/JyJLSIDAgZNPxXMdBfcCRm1C5W/Pp7UIcPQ1nnnn6QC9NtVfcZF0fhry:e4aDFF/q3AgZN5cD5Rm1C5W/PlyVfcZ1

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1524a0ce2de9e712fe5b05275209e58365ea3447377f12fcbc8ff1d8d52223bbN

    • Size

      96KB

    • MD5

      70e3a68bd7ea8b835356247cac3c03d0

    • SHA1

      239163b315e8fce134a2acfbf5416326c073f8f7

    • SHA256

      1524a0ce2de9e712fe5b05275209e58365ea3447377f12fcbc8ff1d8d52223bb

    • SHA512

      73d87f6e9f77ef9393626b4e42ab06ecaa2ad3d3b719d9d7aecca56d36fdf81ee17f9000d6aa8fb1c4b057096871d1080efc3e00b77a1c8dc21d3ce5859a5fad

    • SSDEEP

      1536:e4aDTZF/JyJLSIDAgZNPxXMdBfcCRm1C5W/Pp7UIcPQ1nnnn6QC9NtVfcZF0fhry:e4aDFF/q3AgZN5cD5Rm1C5W/PlyVfcZ1

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks