Overview

overview

10

Static

static

3

b98f29a646...cN.exe

windows7-x64

10

b98f29a646...cN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    b98f29a64689abd755989ac559a47d08cee11f7d8962f3d8a87a20972f2d0b0cN

  • Size

    92KB

  • Sample

    241001-lgf7ysscnl

  • MD5

    a81b69a5bd37ccde929c3fee2b6c11d0

  • SHA1

    90a484c9e5db4c51fef6acb9b9d0fc78f7075c75

  • SHA256

    b98f29a64689abd755989ac559a47d08cee11f7d8962f3d8a87a20972f2d0b0c

  • SHA512

    6dd675cfa5d91e4095eecfd8dfe338fbe70e6baf897a04081dc30e3520aa6c1980d1b58307f8b6170d40c2ac672b085654fb1ba11f41be06506489c927e50618

  • SSDEEP

    1536:QHASe8opCr1FbWwyZF7LFy7Cf2CSJdWTO6vnKQrUoR24HsUs:QHAN8ay1ZSZF707CTVm6THsR

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b98f29a64689abd755989ac559a47d08cee11f7d8962f3d8a87a20972f2d0b0cN

    • Size

      92KB

    • MD5

      a81b69a5bd37ccde929c3fee2b6c11d0

    • SHA1

      90a484c9e5db4c51fef6acb9b9d0fc78f7075c75

    • SHA256

      b98f29a64689abd755989ac559a47d08cee11f7d8962f3d8a87a20972f2d0b0c

    • SHA512

      6dd675cfa5d91e4095eecfd8dfe338fbe70e6baf897a04081dc30e3520aa6c1980d1b58307f8b6170d40c2ac672b085654fb1ba11f41be06506489c927e50618

    • SSDEEP

      1536:QHASe8opCr1FbWwyZF7LFy7Cf2CSJdWTO6vnKQrUoR24HsUs:QHAN8ay1ZSZF707CTVm6THsR

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks