Overview

overview

10

Static

static

3

6154158a7a...1N.exe

windows7-x64

10

6154158a7a...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6154158a7a7ec29432e1623f55aba526b53b82498f64a4dfdd2f8fe66f23f881N

  • Size

    117KB

  • Sample

    241003-mn82zszgqg

  • MD5

    d77ecf9a8bbd5b559b86bf2abc0b9f40

  • SHA1

    1857d0a66b0243412bbf88479f616725c3f029e9

  • SHA256

    6154158a7a7ec29432e1623f55aba526b53b82498f64a4dfdd2f8fe66f23f881

  • SHA512

    5a06ac8ea9580c7924d6dcddbda8c7717b3fda5f71f30ce934af79430f7ce3720e99bb6829403b08291e23ea80cec16a47aa80383bffb50c3b3ab8ac9d1502d0

  • SSDEEP

    1536:zp6g5H8TW1NXaCVNqGbd+7zbsoYwd9UHcc0aIbcMiJcjGEdzrHYRFFfUN1Avhw6L:KW1NXX9+nbh9Ul0iJcpzrHiFFfUrQlM

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6154158a7a7ec29432e1623f55aba526b53b82498f64a4dfdd2f8fe66f23f881N

    • Size

      117KB

    • MD5

      d77ecf9a8bbd5b559b86bf2abc0b9f40

    • SHA1

      1857d0a66b0243412bbf88479f616725c3f029e9

    • SHA256

      6154158a7a7ec29432e1623f55aba526b53b82498f64a4dfdd2f8fe66f23f881

    • SHA512

      5a06ac8ea9580c7924d6dcddbda8c7717b3fda5f71f30ce934af79430f7ce3720e99bb6829403b08291e23ea80cec16a47aa80383bffb50c3b3ab8ac9d1502d0

    • SSDEEP

      1536:zp6g5H8TW1NXaCVNqGbd+7zbsoYwd9UHcc0aIbcMiJcjGEdzrHYRFFfUN1Avhw6L:KW1NXX9+nbh9Ul0iJcpzrHiFFfUrQlM

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks