Overview

overview

10

Static

static

3

21d15be43d...3N.exe

windows7-x64

10

21d15be43d...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21d15be43d5f7c0be46a5d9ce86b92ac9c4886693986ff0a36e1d2988185eb53N

  • Size

    96KB

  • Sample

    241010-rz96ms1aka

  • MD5

    69f2d76d8bfffd0ad4f2b3f55bfcf7d0

  • SHA1

    181daa6684c92e59b45b5a8a25e8b9da4e6ef92f

  • SHA256

    21d15be43d5f7c0be46a5d9ce86b92ac9c4886693986ff0a36e1d2988185eb53

  • SHA512

    788a0c60f5500ea03ba379ba3e8c99213ae932423eaed1906f43d8dec20e4ad7a6509a416ca171f20c5dd0c807bf5fff18e93bd569d1472a7d733bc8bcb6e2cc

  • SSDEEP

    1536:RBdgg7iwgRCptnYgC4rV0SU23MMnr6ckq4aAjWbjtKBvU:bd71/+6rVOsD2ckLVwtCU

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      21d15be43d5f7c0be46a5d9ce86b92ac9c4886693986ff0a36e1d2988185eb53N

    • Size

      96KB

    • MD5

      69f2d76d8bfffd0ad4f2b3f55bfcf7d0

    • SHA1

      181daa6684c92e59b45b5a8a25e8b9da4e6ef92f

    • SHA256

      21d15be43d5f7c0be46a5d9ce86b92ac9c4886693986ff0a36e1d2988185eb53

    • SHA512

      788a0c60f5500ea03ba379ba3e8c99213ae932423eaed1906f43d8dec20e4ad7a6509a416ca171f20c5dd0c807bf5fff18e93bd569d1472a7d733bc8bcb6e2cc

    • SSDEEP

      1536:RBdgg7iwgRCptnYgC4rV0SU23MMnr6ckq4aAjWbjtKBvU:bd71/+6rVOsD2ckLVwtCU

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks