Overview

overview

10

Static

static

3

25b3480f9e...57.exe

windows7-x64

10

25b3480f9e...57.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25b3480f9edeab6ccbb92fc180fa385af7326d2ee720cf66add1246146238757

  • Size

    96KB

  • Sample

    241004-yfvp6sxcnb

  • MD5

    a37235949ed7233614924d1646b90fde

  • SHA1

    4638233b79e8aa78dd0a1c4ff6b1841fd438d588

  • SHA256

    25b3480f9edeab6ccbb92fc180fa385af7326d2ee720cf66add1246146238757

  • SHA512

    b12e087430fb4374312e168865a191c55120960824a5cc2f4caecdbb39d1e1da77a9012ba46a886a3003fb15a1847e9aa4a2ecf908bde8d3b004d6b66057c0c6

  • SSDEEP

    1536:h+v7YXPm+qkNDXTK/GEM9eTRnXsUb2SeCf4l/bVPbORduV9jojTIvjr:hO2e+9RTK+mn8UbziJb+d69jc0v

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      25b3480f9edeab6ccbb92fc180fa385af7326d2ee720cf66add1246146238757

    • Size

      96KB

    • MD5

      a37235949ed7233614924d1646b90fde

    • SHA1

      4638233b79e8aa78dd0a1c4ff6b1841fd438d588

    • SHA256

      25b3480f9edeab6ccbb92fc180fa385af7326d2ee720cf66add1246146238757

    • SHA512

      b12e087430fb4374312e168865a191c55120960824a5cc2f4caecdbb39d1e1da77a9012ba46a886a3003fb15a1847e9aa4a2ecf908bde8d3b004d6b66057c0c6

    • SSDEEP

      1536:h+v7YXPm+qkNDXTK/GEM9eTRnXsUb2SeCf4l/bVPbORduV9jojTIvjr:hO2e+9RTK+mn8UbziJb+d69jc0v

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks