Overview

overview

10

Static

static

3

3774f3f180...7N.exe

windows7-x64

10

3774f3f180...7N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3774f3f18064f5f9ea05877cd5d33814f03d72152ac2d8006a2dba46fe802b07N

  • Size

    1024KB

  • Sample

    241003-b3nh2s1hjb

  • MD5

    cfc95f032bc779e45cf9cb51732a7130

  • SHA1

    5c470da79b36490091b7030c02bb512e6198f1d9

  • SHA256

    3774f3f18064f5f9ea05877cd5d33814f03d72152ac2d8006a2dba46fe802b07

  • SHA512

    ce1566d8cf83d03093c187f2b9bb0442e71398b4923bc0fddb9243b79bd5066d90863fdcd261bd3d2f82df9f29dc63dd392dd2e1e3961e38ce3ecb95e9265f14

  • SSDEEP

    24576:7wMBm0BmmvFimm0Xcr6VDsEqacjgqANXcolMZ5nNxvM0oL8v8WQ:7wM5iTWVDBzcjgBNXcolMZ5nNxvM0oLx

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3774f3f18064f5f9ea05877cd5d33814f03d72152ac2d8006a2dba46fe802b07N

    • Size

      1024KB

    • MD5

      cfc95f032bc779e45cf9cb51732a7130

    • SHA1

      5c470da79b36490091b7030c02bb512e6198f1d9

    • SHA256

      3774f3f18064f5f9ea05877cd5d33814f03d72152ac2d8006a2dba46fe802b07

    • SHA512

      ce1566d8cf83d03093c187f2b9bb0442e71398b4923bc0fddb9243b79bd5066d90863fdcd261bd3d2f82df9f29dc63dd392dd2e1e3961e38ce3ecb95e9265f14

    • SSDEEP

      24576:7wMBm0BmmvFimm0Xcr6VDsEqacjgqANXcolMZ5nNxvM0oL8v8WQ:7wM5iTWVDBzcjgBNXcolMZ5nNxvM0oLx

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks