Overview

overview

10

Static

static

3

1c1e2928fd...8N.exe

windows7-x64

10

1c1e2928fd...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c1e2928fdc53a1db0095d3868a00d7dd4e1e631027119268db8569c0cbc1578N

  • Size

    93KB

  • Sample

    241009-1ax98avbkm

  • MD5

    cad51ea4675d8ac1324a7e44d82561c0

  • SHA1

    d1f096cc7ae5b24198ea11e3979f337e850f9c40

  • SHA256

    1c1e2928fdc53a1db0095d3868a00d7dd4e1e631027119268db8569c0cbc1578

  • SHA512

    370295e63089171695054adbb216c684ecf9959e7ccbe5e33d6aca770f8280d0f79afe101fe3593589c9ef58674884cefc5d8f2611483e55fd877cb22bb48efe

  • SSDEEP

    1536:CMqga9wQ+HaUZyqIPAY4XEmm3cGFStWCvuIjZjEqI6o+tK7zTSKjiwg58:CMra9gzZybIYNdRFGvu4ZjVq7zZY58

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1c1e2928fdc53a1db0095d3868a00d7dd4e1e631027119268db8569c0cbc1578N

    • Size

      93KB

    • MD5

      cad51ea4675d8ac1324a7e44d82561c0

    • SHA1

      d1f096cc7ae5b24198ea11e3979f337e850f9c40

    • SHA256

      1c1e2928fdc53a1db0095d3868a00d7dd4e1e631027119268db8569c0cbc1578

    • SHA512

      370295e63089171695054adbb216c684ecf9959e7ccbe5e33d6aca770f8280d0f79afe101fe3593589c9ef58674884cefc5d8f2611483e55fd877cb22bb48efe

    • SSDEEP

      1536:CMqga9wQ+HaUZyqIPAY4XEmm3cGFStWCvuIjZjEqI6o+tK7zTSKjiwg58:CMra9gzZybIYNdRFGvu4ZjVq7zZY58

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks