Overview

overview

10

Static

static

3

47e64762f5...5N.exe

windows7-x64

10

47e64762f5...5N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    47e64762f55d01084416bd21dddb83cbabe7a2f7a4b53dd525164a439df3d655N

  • Size

    96KB

  • Sample

    241006-kyqbhswgpp

  • MD5

    c7ad42eea5972f0286141d9d70860820

  • SHA1

    b903660dee239c9bfaf6b0e8c357e35cd9f8f402

  • SHA256

    47e64762f55d01084416bd21dddb83cbabe7a2f7a4b53dd525164a439df3d655

  • SHA512

    3db960a2fceaf2673158a2c8a3281c1ccc99e9c24f57f09f2dd7c8f3f82e777c279793e2cdcb2b61745e862b5cd46398b6e0e112fe14d262be2d6faed89da4f2

  • SSDEEP

    1536:/s4AltlC0rtmGCSETckCCOrVJlI19BJ6y4eOcQatc55b0lFFfUN1Avhw6JCMd:Ht0KCPZ4g3data0lFFfUrQlMW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      47e64762f55d01084416bd21dddb83cbabe7a2f7a4b53dd525164a439df3d655N

    • Size

      96KB

    • MD5

      c7ad42eea5972f0286141d9d70860820

    • SHA1

      b903660dee239c9bfaf6b0e8c357e35cd9f8f402

    • SHA256

      47e64762f55d01084416bd21dddb83cbabe7a2f7a4b53dd525164a439df3d655

    • SHA512

      3db960a2fceaf2673158a2c8a3281c1ccc99e9c24f57f09f2dd7c8f3f82e777c279793e2cdcb2b61745e862b5cd46398b6e0e112fe14d262be2d6faed89da4f2

    • SSDEEP

      1536:/s4AltlC0rtmGCSETckCCOrVJlI19BJ6y4eOcQatc55b0lFFfUN1Avhw6JCMd:Ht0KCPZ4g3data0lFFfUrQlMW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks