Overview

overview

10

Static

static

3

017ee8ce46...fN.exe

windows7-x64

10

017ee8ce46...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    017ee8ce46fad6c32ac7e15395b3d858e0a9ae9ea59b96e049e681c535f01c3fN

  • Size

    80KB

  • Sample

    241002-qsbh3asdla

  • MD5

    da57ab75aef5c9de1faf1fc7775c6dd0

  • SHA1

    57d05654f94564a504c4101a76fae7736f7ce033

  • SHA256

    017ee8ce46fad6c32ac7e15395b3d858e0a9ae9ea59b96e049e681c535f01c3f

  • SHA512

    d8ae9f5148d6a48aa08615cc0ac65e7cb1dc95ea0da8ab2312fb2a20c0206fc8f988f086fbf72b69453d5ad8ffd7f51f5be53b6b8d3730278302235fb6914c05

  • SSDEEP

    1536:mvFy2Ocs2lrioPBtu3wulWPQG3YNhUEHS/QYlZCE9NCFeJuqnhCN:oFyul2oJI37lWPpYNhZYlgE9NCFeJLCN

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      017ee8ce46fad6c32ac7e15395b3d858e0a9ae9ea59b96e049e681c535f01c3fN

    • Size

      80KB

    • MD5

      da57ab75aef5c9de1faf1fc7775c6dd0

    • SHA1

      57d05654f94564a504c4101a76fae7736f7ce033

    • SHA256

      017ee8ce46fad6c32ac7e15395b3d858e0a9ae9ea59b96e049e681c535f01c3f

    • SHA512

      d8ae9f5148d6a48aa08615cc0ac65e7cb1dc95ea0da8ab2312fb2a20c0206fc8f988f086fbf72b69453d5ad8ffd7f51f5be53b6b8d3730278302235fb6914c05

    • SSDEEP

      1536:mvFy2Ocs2lrioPBtu3wulWPQG3YNhUEHS/QYlZCE9NCFeJuqnhCN:oFyul2oJI37lWPpYNhZYlgE9NCFeJLCN

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks