Overview

overview

10

Static

static

3

9b835d1d84...aN.exe

windows7-x64

10

9b835d1d84...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b835d1d844b7c86e5e574cc285f09799c46c433cb883bb1820a2bb4427db0baN

  • Size

    144KB

  • Sample

    241004-at25eavdjn

  • MD5

    bc29f8d54657011142af52062ee80c90

  • SHA1

    249af90fd0660267a47694bdcba939c826606b21

  • SHA256

    9b835d1d844b7c86e5e574cc285f09799c46c433cb883bb1820a2bb4427db0ba

  • SHA512

    a0ec19605b21b2296a44c254c4954af4c4edfe4030ba797a333e78b0b3df488012755f21a1812b6905e08b2c75dff7f1082af078c9f90c00e3637b1211409329

  • SSDEEP

    3072:Ohj1PfOY3bjhFdFxHYnoHnRIKzdH13+EE+RaZ6r+GDZnBcV8:mj5mY35F1KnKzd5IF6rfBBcV8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9b835d1d844b7c86e5e574cc285f09799c46c433cb883bb1820a2bb4427db0baN

    • Size

      144KB

    • MD5

      bc29f8d54657011142af52062ee80c90

    • SHA1

      249af90fd0660267a47694bdcba939c826606b21

    • SHA256

      9b835d1d844b7c86e5e574cc285f09799c46c433cb883bb1820a2bb4427db0ba

    • SHA512

      a0ec19605b21b2296a44c254c4954af4c4edfe4030ba797a333e78b0b3df488012755f21a1812b6905e08b2c75dff7f1082af078c9f90c00e3637b1211409329

    • SSDEEP

      3072:Ohj1PfOY3bjhFdFxHYnoHnRIKzdH13+EE+RaZ6r+GDZnBcV8:mj5mY35F1KnKzd5IF6rfBBcV8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks