Overview

overview

10

Static

static

3

57a02300db...6N.exe

windows7-x64

10

57a02300db...6N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    57a02300db097016b220cb75de9e4fd2ca19fe0a9439285c3175132b5cf49846N

  • Size

    90KB

  • Sample

    241001-xpybzswakn

  • MD5

    3842c51bd3ff23cde02b694ab13fc8f0

  • SHA1

    39de650429f4fbc88f5328179d281676c0e58eff

  • SHA256

    57a02300db097016b220cb75de9e4fd2ca19fe0a9439285c3175132b5cf49846

  • SHA512

    1f563819001841468b56fc8cad5ab6afc3c035ed6731766adfb189d5393bf05c03c35114fcc71616e10ae4440a68e3e3739c9a2d5426e6f1b8e30dac5d787d7e

  • SSDEEP

    1536:wBdLJtYAA9Xz7CKORMKQPWgBahOL0SLkv8688RVvXIFJkxZZZZZZZZZZZZZZUZZU:wDmSKORMKQPWgBahOL0SLkv8688RAJ2B

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      57a02300db097016b220cb75de9e4fd2ca19fe0a9439285c3175132b5cf49846N

    • Size

      90KB

    • MD5

      3842c51bd3ff23cde02b694ab13fc8f0

    • SHA1

      39de650429f4fbc88f5328179d281676c0e58eff

    • SHA256

      57a02300db097016b220cb75de9e4fd2ca19fe0a9439285c3175132b5cf49846

    • SHA512

      1f563819001841468b56fc8cad5ab6afc3c035ed6731766adfb189d5393bf05c03c35114fcc71616e10ae4440a68e3e3739c9a2d5426e6f1b8e30dac5d787d7e

    • SSDEEP

      1536:wBdLJtYAA9Xz7CKORMKQPWgBahOL0SLkv8688RVvXIFJkxZZZZZZZZZZZZZZUZZU:wDmSKORMKQPWgBahOL0SLkv8688RAJ2B

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks