Overview

overview

10

Static

static

3

200fbb3523...9N.exe

windows7-x64

10

200fbb3523...9N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    200fbb3523009f1fa3561aeb944008b6a32790e54c98575c39b50b3ccd0608c9N

  • Size

    265KB

  • Sample

    241001-nr8fas1fjb

  • MD5

    12e5215beef1a31148dffa39bb7eb3f0

  • SHA1

    dc7d2fafa3a2d22dac85dec9ecbca6d5bda1c2d8

  • SHA256

    200fbb3523009f1fa3561aeb944008b6a32790e54c98575c39b50b3ccd0608c9

  • SHA512

    84dcae6b56448382834106929e7dd6461f39be5da775d995cc1b236410103e9350237b170ce48f23c434a98d82a3de6661bdf19c0e3eedcc4e1eeeb272772720

  • SSDEEP

    6144:YQCN4OiwnErqLTLp103ETiZ0moGP/2dga1mcyw7I:NbOigpScXwuR1mK7

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      200fbb3523009f1fa3561aeb944008b6a32790e54c98575c39b50b3ccd0608c9N

    • Size

      265KB

    • MD5

      12e5215beef1a31148dffa39bb7eb3f0

    • SHA1

      dc7d2fafa3a2d22dac85dec9ecbca6d5bda1c2d8

    • SHA256

      200fbb3523009f1fa3561aeb944008b6a32790e54c98575c39b50b3ccd0608c9

    • SHA512

      84dcae6b56448382834106929e7dd6461f39be5da775d995cc1b236410103e9350237b170ce48f23c434a98d82a3de6661bdf19c0e3eedcc4e1eeeb272772720

    • SSDEEP

      6144:YQCN4OiwnErqLTLp103ETiZ0moGP/2dga1mcyw7I:NbOigpScXwuR1mK7

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks