Overview

overview

10

Static

static

3

8bb43c221e...99.exe

windows7-x64

10

8bb43c221e...99.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8bb43c221e9fb1e7468a78c2c338e5a0b3b82c7d196d89039ff8d96ad9b27a99

  • Size

    96KB

  • Sample

    241012-abdzvs1fpa

  • MD5

    3d4f045ce5d8e3706142ea0dd69a4fb5

  • SHA1

    7821a5b3ad135947a1482abb80c824cccd113712

  • SHA256

    8bb43c221e9fb1e7468a78c2c338e5a0b3b82c7d196d89039ff8d96ad9b27a99

  • SHA512

    249e6ae409390213a5f269c461f584808850e043d46b0e91b50dce8a2c11a968129fc4f299b08796253ee4193c20f21581b5daf7dca6ffd466ad774c3ed2079e

  • SSDEEP

    1536:jy7VOGxoGhWq9071BltSR8UpQfP1eCX3toXj2xQkShex2G/BOmrCMy0QiLiizHNT:woGhWc071B3SR8UyfP1ebXj2HShuP5O6

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8bb43c221e9fb1e7468a78c2c338e5a0b3b82c7d196d89039ff8d96ad9b27a99

    • Size

      96KB

    • MD5

      3d4f045ce5d8e3706142ea0dd69a4fb5

    • SHA1

      7821a5b3ad135947a1482abb80c824cccd113712

    • SHA256

      8bb43c221e9fb1e7468a78c2c338e5a0b3b82c7d196d89039ff8d96ad9b27a99

    • SHA512

      249e6ae409390213a5f269c461f584808850e043d46b0e91b50dce8a2c11a968129fc4f299b08796253ee4193c20f21581b5daf7dca6ffd466ad774c3ed2079e

    • SSDEEP

      1536:jy7VOGxoGhWq9071BltSR8UpQfP1eCX3toXj2xQkShex2G/BOmrCMy0QiLiizHNT:woGhWc071B3SR8UyfP1ebXj2HShuP5O6

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks