Overview

overview

10

Static

static

10

77e497cb05...6N.exe

windows7-x64

10

77e497cb05...6N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    77e497cb05195e3fce1a02b19e6cb47096cbccac7e5d1d9ea7e75495a4935be6N

  • Size

    256KB

  • Sample

    241010-l4j75atclf

  • MD5

    fcd810430d2aac35ba6158f0b52dc650

  • SHA1

    f3f70120dc885ce48efa2c5502dd6c11b0acb782

  • SHA256

    77e497cb05195e3fce1a02b19e6cb47096cbccac7e5d1d9ea7e75495a4935be6

  • SHA512

    9af522d7af90510ad629f69858fcc272d0bed6204b6a4ca87fa450490fd3e62f542bb51f0ee137dd2d798904a255b1a8abe67211ae5855440b4b86321ac41631

  • SSDEEP

    6144:pRGzPmsQeMQGYaM+IHB3/fc/UmKyIxLDXXoq9FJZCX:pAPXQeMQG9MS32XXf9DoX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      77e497cb05195e3fce1a02b19e6cb47096cbccac7e5d1d9ea7e75495a4935be6N

    • Size

      256KB

    • MD5

      fcd810430d2aac35ba6158f0b52dc650

    • SHA1

      f3f70120dc885ce48efa2c5502dd6c11b0acb782

    • SHA256

      77e497cb05195e3fce1a02b19e6cb47096cbccac7e5d1d9ea7e75495a4935be6

    • SHA512

      9af522d7af90510ad629f69858fcc272d0bed6204b6a4ca87fa450490fd3e62f542bb51f0ee137dd2d798904a255b1a8abe67211ae5855440b4b86321ac41631

    • SSDEEP

      6144:pRGzPmsQeMQGYaM+IHB3/fc/UmKyIxLDXXoq9FJZCX:pAPXQeMQG9MS32XXf9DoX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks