Overview

overview

10

Static

static

3

af4fce8df9...bN.exe

windows7-x64

10

af4fce8df9...bN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    af4fce8df96b59675eec596a1c20354aaa7518d9a3622da08cf064b6657c367bN

  • Size

    92KB

  • Sample

    241002-m3x82asdnm

  • MD5

    f14cfb4e299f12b5bda3d98bc6e3f920

  • SHA1

    5bb275a9dda22dc9e4f7d120d48163733766627c

  • SHA256

    af4fce8df96b59675eec596a1c20354aaa7518d9a3622da08cf064b6657c367b

  • SHA512

    ebb1ea119ee0ce535bc6b5d544dc697efe53c3b5bf499786e47fb0cf548e3580144f5e1743095a7db4e4a52da00cb50a5f23d762283362350f931944de7bb705

  • SSDEEP

    1536:fw4NpMe+L9BQKXwVIY0Sr73W8yfDD+GJ3asTFLXjRvVOsOcnKQrUoR24HsUs:rNp0XR4ImvWXfvNJ3zTRPe6THsR

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      af4fce8df96b59675eec596a1c20354aaa7518d9a3622da08cf064b6657c367bN

    • Size

      92KB

    • MD5

      f14cfb4e299f12b5bda3d98bc6e3f920

    • SHA1

      5bb275a9dda22dc9e4f7d120d48163733766627c

    • SHA256

      af4fce8df96b59675eec596a1c20354aaa7518d9a3622da08cf064b6657c367b

    • SHA512

      ebb1ea119ee0ce535bc6b5d544dc697efe53c3b5bf499786e47fb0cf548e3580144f5e1743095a7db4e4a52da00cb50a5f23d762283362350f931944de7bb705

    • SSDEEP

      1536:fw4NpMe+L9BQKXwVIY0Sr73W8yfDD+GJ3asTFLXjRvVOsOcnKQrUoR24HsUs:rNp0XR4ImvWXfvNJ3zTRPe6THsR

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks