Overview

overview

10

Static

static

3

c2b2c4c985...dN.exe

windows7-x64

10

c2b2c4c985...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c2b2c4c9850e97d2dea207d53a86ad2cbdb6f4f6e48fd4d954f874b51b8a574dN

  • Size

    313KB

  • Sample

    241005-b1hj1sxgrp

  • MD5

    b4146046f64475469a145bb70c964c90

  • SHA1

    2eac4dff23ea7f38eceba533f6b6c6f4dbe84555

  • SHA256

    c2b2c4c9850e97d2dea207d53a86ad2cbdb6f4f6e48fd4d954f874b51b8a574d

  • SHA512

    1e12962ef5782e2ea6fe6d2c77837634f20a213226eabdb97237a89f4b6251c33401d19f790b345257c63c3f6af9198db8030e4654562749b8f6f7628dc366c7

  • SSDEEP

    6144:VyCTW4l/YfkgpUmKyIxLDXXoq9FJZCUmKyIxLX:w4ON32XXf9Do3+

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c2b2c4c9850e97d2dea207d53a86ad2cbdb6f4f6e48fd4d954f874b51b8a574dN

    • Size

      313KB

    • MD5

      b4146046f64475469a145bb70c964c90

    • SHA1

      2eac4dff23ea7f38eceba533f6b6c6f4dbe84555

    • SHA256

      c2b2c4c9850e97d2dea207d53a86ad2cbdb6f4f6e48fd4d954f874b51b8a574d

    • SHA512

      1e12962ef5782e2ea6fe6d2c77837634f20a213226eabdb97237a89f4b6251c33401d19f790b345257c63c3f6af9198db8030e4654562749b8f6f7628dc366c7

    • SSDEEP

      6144:VyCTW4l/YfkgpUmKyIxLDXXoq9FJZCUmKyIxLX:w4ON32XXf9Do3+

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks