Overview

overview

10

Static

static

3

7d70db6c4e...dN.exe

windows7-x64

10

7d70db6c4e...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7d70db6c4e72f059ab7627ceb13e3d23bc4857096b163ee7c196165f2bd5866dN

  • Size

    88KB

  • Sample

    241005-g68laavamc

  • MD5

    50c8df282b1d281f592e9d691b258f20

  • SHA1

    f482e700ca1b86225f6f452db09f55cd2e894490

  • SHA256

    7d70db6c4e72f059ab7627ceb13e3d23bc4857096b163ee7c196165f2bd5866d

  • SHA512

    8e4664ef5d7bd536c6394045c11b48e3154e3c0f08082f8a8106438811ae8c11e0649a97908f89d61a0236b44168faa9c132d81b1235311dbc49bae7e96790e0

  • SSDEEP

    1536:EKJbOs1Oq1OYqfWvuSwOfrzQ7EcgxQ7YnCuILv13nouy8L:BOs1u1xvRLNXoutL

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7d70db6c4e72f059ab7627ceb13e3d23bc4857096b163ee7c196165f2bd5866dN

    • Size

      88KB

    • MD5

      50c8df282b1d281f592e9d691b258f20

    • SHA1

      f482e700ca1b86225f6f452db09f55cd2e894490

    • SHA256

      7d70db6c4e72f059ab7627ceb13e3d23bc4857096b163ee7c196165f2bd5866d

    • SHA512

      8e4664ef5d7bd536c6394045c11b48e3154e3c0f08082f8a8106438811ae8c11e0649a97908f89d61a0236b44168faa9c132d81b1235311dbc49bae7e96790e0

    • SSDEEP

      1536:EKJbOs1Oq1OYqfWvuSwOfrzQ7EcgxQ7YnCuILv13nouy8L:BOs1u1xvRLNXoutL

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks