Overview

overview

10

Static

static

3

65d74d94f5...dc.exe

windows7-x64

10

65d74d94f5...dc.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    65d74d94f533fbca62f3d646592893ab86fc54a725e0222f2a8faa16adcea2dc

  • Size

    76KB

  • Sample

    241008-2ls1bavbjp

  • MD5

    d6a5b8d76856461f6b760d3c565d0b6b

  • SHA1

    07bfd051a71242a03b8c4ecba25db2d88059dbbd

  • SHA256

    65d74d94f533fbca62f3d646592893ab86fc54a725e0222f2a8faa16adcea2dc

  • SHA512

    89c4ed020e64d3d83d24dc81a4f29fd09cff265671634a59b7f8f2942e1449099ca1c07ec374a5b83518c4239306fd80718fd815527316992e4fe735a7135fd9

  • SSDEEP

    1536:iFIxToEKm53Wf9yH1qY7koy0eq+Lw+zzbl2rnYX1zpKPAFQNCvzCC:i8umnHwqFci+PxNXNpKwzCC

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      65d74d94f533fbca62f3d646592893ab86fc54a725e0222f2a8faa16adcea2dc

    • Size

      76KB

    • MD5

      d6a5b8d76856461f6b760d3c565d0b6b

    • SHA1

      07bfd051a71242a03b8c4ecba25db2d88059dbbd

    • SHA256

      65d74d94f533fbca62f3d646592893ab86fc54a725e0222f2a8faa16adcea2dc

    • SHA512

      89c4ed020e64d3d83d24dc81a4f29fd09cff265671634a59b7f8f2942e1449099ca1c07ec374a5b83518c4239306fd80718fd815527316992e4fe735a7135fd9

    • SSDEEP

      1536:iFIxToEKm53Wf9yH1qY7koy0eq+Lw+zzbl2rnYX1zpKPAFQNCvzCC:i8umnHwqFci+PxNXNpKwzCC

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks