Overview

overview

10

Static

static

3

970334e2fa...ba.exe

windows7-x64

10

970334e2fa...ba.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    970334e2fa7871b602ba6d1f3d503e7b053e486c7d354940ce70cb5a8b1b90ba

  • Size

    96KB

  • Sample

    241009-bna96sxfmm

  • MD5

    b202d018c7f197608b6441cb23dded13

  • SHA1

    11043ead5ccdc5f1a3e1d98b4196edcb771236bb

  • SHA256

    970334e2fa7871b602ba6d1f3d503e7b053e486c7d354940ce70cb5a8b1b90ba

  • SHA512

    ddf7fef35d77805846fd60c51897fe12974cf7e58724f20053537198bba845d66fc4f572e77a4cf50b570f4b8bd51051ae199f98d444856147dab6ece2963342

  • SSDEEP

    1536:EYqPzVhAexOTyconCA+UtuIaR5HempdZilWHOWkZ/BOmenCMy0QiLiizHNQNdq:oVhAaOT5ohuxHeYHXkZ5Om8CMyELiAH9

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      970334e2fa7871b602ba6d1f3d503e7b053e486c7d354940ce70cb5a8b1b90ba

    • Size

      96KB

    • MD5

      b202d018c7f197608b6441cb23dded13

    • SHA1

      11043ead5ccdc5f1a3e1d98b4196edcb771236bb

    • SHA256

      970334e2fa7871b602ba6d1f3d503e7b053e486c7d354940ce70cb5a8b1b90ba

    • SHA512

      ddf7fef35d77805846fd60c51897fe12974cf7e58724f20053537198bba845d66fc4f572e77a4cf50b570f4b8bd51051ae199f98d444856147dab6ece2963342

    • SSDEEP

      1536:EYqPzVhAexOTyconCA+UtuIaR5HempdZilWHOWkZ/BOmenCMy0QiLiizHNQNdq:oVhAaOT5ohuxHeYHXkZ5Om8CMyELiAH9

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks