Overview

overview

10

Static

static

3

50223aa3ef...3N.exe

windows7-x64

10

50223aa3ef...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    50223aa3ef5a0374db1af67b8adb0d683419d5096f170f7a4328ee5b4c424c63N

  • Size

    90KB

  • Sample

    241002-zqe8xawdjk

  • MD5

    6557331e4271f8117291ad6a353d0f70

  • SHA1

    809695762c5f48faf3c702347c9bc3c4c0648819

  • SHA256

    50223aa3ef5a0374db1af67b8adb0d683419d5096f170f7a4328ee5b4c424c63

  • SHA512

    92068849dad1a650cfa0093c9367fd18510a0902d89ab12f575074e9a9e82ba720bcef434ca0c997b70055d97c8fd7055e5468d174e89b9feea402612575d276

  • SSDEEP

    1536:4hIQFyZos/NQH0CviT1F9AYeWiHkExQz4wtk1TO+Gfl5Gau/Ub0VkVNK:4OFd/+H0OrHk5z9t4XGfl5Gau/Ub0+NK

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      50223aa3ef5a0374db1af67b8adb0d683419d5096f170f7a4328ee5b4c424c63N

    • Size

      90KB

    • MD5

      6557331e4271f8117291ad6a353d0f70

    • SHA1

      809695762c5f48faf3c702347c9bc3c4c0648819

    • SHA256

      50223aa3ef5a0374db1af67b8adb0d683419d5096f170f7a4328ee5b4c424c63

    • SHA512

      92068849dad1a650cfa0093c9367fd18510a0902d89ab12f575074e9a9e82ba720bcef434ca0c997b70055d97c8fd7055e5468d174e89b9feea402612575d276

    • SSDEEP

      1536:4hIQFyZos/NQH0CviT1F9AYeWiHkExQz4wtk1TO+Gfl5Gau/Ub0VkVNK:4OFd/+H0OrHk5z9t4XGfl5Gau/Ub0+NK

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks