Overview

overview

10

Static

static

3

4a4c2929e3...fN.exe

windows7-x64

10

4a4c2929e3...fN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    4a4c2929e32f55937887338958c29ac296de8deea1029567b28de34a2dd0119fN

  • Size

    94KB

  • Sample

    241012-cle11s1gkn

  • MD5

    cf491703585dab7db7ca43c0e6afeee0

  • SHA1

    7e8040793f89591d27a0de240f96f08794b51421

  • SHA256

    4a4c2929e32f55937887338958c29ac296de8deea1029567b28de34a2dd0119f

  • SHA512

    34c3b020dd0e0c2c501413bf7068318702095da878ca54a38e813ee3350078bb44d26eab5a9c50c941c043f8261b2ab144b8c73903637c402b3fd9df2d519eca

  • SSDEEP

    1536:6Z6QXt892oWT6qy4/R2ElC7slvwyuVtzKInPcdM+mZ0G7BR9L4DT2EnINs:6ZsM60kEmsBeKIPcVE0G6+ob

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4a4c2929e32f55937887338958c29ac296de8deea1029567b28de34a2dd0119fN

    • Size

      94KB

    • MD5

      cf491703585dab7db7ca43c0e6afeee0

    • SHA1

      7e8040793f89591d27a0de240f96f08794b51421

    • SHA256

      4a4c2929e32f55937887338958c29ac296de8deea1029567b28de34a2dd0119f

    • SHA512

      34c3b020dd0e0c2c501413bf7068318702095da878ca54a38e813ee3350078bb44d26eab5a9c50c941c043f8261b2ab144b8c73903637c402b3fd9df2d519eca

    • SSDEEP

      1536:6Z6QXt892oWT6qy4/R2ElC7slvwyuVtzKInPcdM+mZ0G7BR9L4DT2EnINs:6ZsM60kEmsBeKIPcVE0G6+ob

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks