Overview

overview

10

Static

static

3

02f943dbbb...eN.exe

windows7-x64

10

02f943dbbb...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02f943dbbb8e7f78ff21788a9d9a8a052745aff454a142dfbf1b01f6686a1d7eN

  • Size

    88KB

  • Sample

    241009-wc75zsvcma

  • MD5

    b7b1a604387774a1709588a894896b30

  • SHA1

    8475d6cb0a0d99c0c91722789d20ee3c18b42b4f

  • SHA256

    02f943dbbb8e7f78ff21788a9d9a8a052745aff454a142dfbf1b01f6686a1d7e

  • SHA512

    154351acde100d8d523a1132ad2843542d1cac1306986a034dc20ecb89a76a20c7da844b900ceb2b309e1c3ea18695cd66d7672c5988a1850fbc711fb2b36656

  • SSDEEP

    768:/Sv/6Q4O7twDefivmsyoCJ0A2A/4LlT2yoiG4VE8LAiLDZ7ZfIruU/nRIHr+XA0r:/4UatPW7r5VZFjUUr+XlHUDy5nouy8L

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      02f943dbbb8e7f78ff21788a9d9a8a052745aff454a142dfbf1b01f6686a1d7eN

    • Size

      88KB

    • MD5

      b7b1a604387774a1709588a894896b30

    • SHA1

      8475d6cb0a0d99c0c91722789d20ee3c18b42b4f

    • SHA256

      02f943dbbb8e7f78ff21788a9d9a8a052745aff454a142dfbf1b01f6686a1d7e

    • SHA512

      154351acde100d8d523a1132ad2843542d1cac1306986a034dc20ecb89a76a20c7da844b900ceb2b309e1c3ea18695cd66d7672c5988a1850fbc711fb2b36656

    • SSDEEP

      768:/Sv/6Q4O7twDefivmsyoCJ0A2A/4LlT2yoiG4VE8LAiLDZ7ZfIruU/nRIHr+XA0r:/4UatPW7r5VZFjUUr+XlHUDy5nouy8L

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks