Overview

overview

10

Static

static

3

b5ab25007f...8N.exe

windows7-x64

10

b5ab25007f...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b5ab25007f18eb92b1cf3dbce3c460d72de172e6c191271fa4f137aa9e38c448N

  • Size

    290KB

  • Sample

    241001-gt11nsthmn

  • MD5

    e46f771ba4c4e1269748f27c192a9140

  • SHA1

    bc9d0879f219cb6cc2782f59c7fefe2acb541bf6

  • SHA256

    b5ab25007f18eb92b1cf3dbce3c460d72de172e6c191271fa4f137aa9e38c448

  • SHA512

    64ccc7946bcccf482456011eb04e6aa43b8e447808d8fa8a3d8976a093efc9df22d99dfca687e84821382d49806383f2c14cfcf2ff540ea63418894410a65b61

  • SSDEEP

    6144:vik5KvOCSImQOySSKpRmSKeTk7eT74wBemiopySSKpRmSKeTk7eT:ivluKr7wgmiQKr

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b5ab25007f18eb92b1cf3dbce3c460d72de172e6c191271fa4f137aa9e38c448N

    • Size

      290KB

    • MD5

      e46f771ba4c4e1269748f27c192a9140

    • SHA1

      bc9d0879f219cb6cc2782f59c7fefe2acb541bf6

    • SHA256

      b5ab25007f18eb92b1cf3dbce3c460d72de172e6c191271fa4f137aa9e38c448

    • SHA512

      64ccc7946bcccf482456011eb04e6aa43b8e447808d8fa8a3d8976a093efc9df22d99dfca687e84821382d49806383f2c14cfcf2ff540ea63418894410a65b61

    • SSDEEP

      6144:vik5KvOCSImQOySSKpRmSKeTk7eT74wBemiopySSKpRmSKeTk7eT:ivluKr7wgmiQKr

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks