Overview

overview

10

Static

static

3

72af56284c...7e.exe

windows7-x64

10

72af56284c...7e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72af56284c1533519c39e42e64abcbec3f6c3da1d0d50ae98c7dd74c837a467e

  • Size

    384KB

  • Sample

    241011-2xv9tayeja

  • MD5

    103c40313329e60962abd0b8c7c00d4e

  • SHA1

    14da653f1722b0c7251ae1c4a82522d5a273ef96

  • SHA256

    72af56284c1533519c39e42e64abcbec3f6c3da1d0d50ae98c7dd74c837a467e

  • SHA512

    c7623570243683ce25a07b671236d272c2bd0dab017cddd01d0562d2125c7997b9b13d5d617230015a36f77f7b5bb376ae923851acf5245dbc0332807ef3b374

  • SSDEEP

    6144:akAmcJPu1J9Kwtu1DjrFqh/QO+zrWnAdqjsqwHlGrh/6:ahc5tuFjAh//+zrWAIAqW5

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      72af56284c1533519c39e42e64abcbec3f6c3da1d0d50ae98c7dd74c837a467e

    • Size

      384KB

    • MD5

      103c40313329e60962abd0b8c7c00d4e

    • SHA1

      14da653f1722b0c7251ae1c4a82522d5a273ef96

    • SHA256

      72af56284c1533519c39e42e64abcbec3f6c3da1d0d50ae98c7dd74c837a467e

    • SHA512

      c7623570243683ce25a07b671236d272c2bd0dab017cddd01d0562d2125c7997b9b13d5d617230015a36f77f7b5bb376ae923851acf5245dbc0332807ef3b374

    • SSDEEP

      6144:akAmcJPu1J9Kwtu1DjrFqh/QO+zrWnAdqjsqwHlGrh/6:ahc5tuFjAh//+zrWAIAqW5

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks