Overview

overview

10

Static

static

3

6823a38902...6N.exe

windows7-x64

10

6823a38902...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6823a389025c0ae8811d90a434c31b8840080cbe8b5fb7d1077e70522792a456N

  • Size

    96KB

  • Sample

    241005-va2prasakh

  • MD5

    6da87966035ea9ee377cd38c85ae1210

  • SHA1

    fcc53867282acfa9b014485e0605f19cfa82544b

  • SHA256

    6823a389025c0ae8811d90a434c31b8840080cbe8b5fb7d1077e70522792a456

  • SHA512

    d0ddb0417e7fa97f34878e123fa23f1b024e304d5125383beb36e8ce48be5e029c8948db74913a774a6e0764e55cd4f0b9d96dba0ac8b9b5916e5ceb09d90249

  • SSDEEP

    1536:+CtkG3RQC+3QQfjUvDMzOZ43LTcPukq/VNGNCKNdy/0URNkIaAjWbjtKBvU:+CW0QC+30vQz2ruk4bhRNkIVwtCU

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6823a389025c0ae8811d90a434c31b8840080cbe8b5fb7d1077e70522792a456N

    • Size

      96KB

    • MD5

      6da87966035ea9ee377cd38c85ae1210

    • SHA1

      fcc53867282acfa9b014485e0605f19cfa82544b

    • SHA256

      6823a389025c0ae8811d90a434c31b8840080cbe8b5fb7d1077e70522792a456

    • SHA512

      d0ddb0417e7fa97f34878e123fa23f1b024e304d5125383beb36e8ce48be5e029c8948db74913a774a6e0764e55cd4f0b9d96dba0ac8b9b5916e5ceb09d90249

    • SSDEEP

      1536:+CtkG3RQC+3QQfjUvDMzOZ43LTcPukq/VNGNCKNdy/0URNkIaAjWbjtKBvU:+CW0QC+30vQz2ruk4bhRNkIVwtCU

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks