Overview

overview

10

Static

static

10

8130980521...dN.exe

windows7-x64

10

8130980521...dN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    813098052174f8ce2e02e32f4595c2de8a74f3df22d26a91ab63f9b16870dbbdN

  • Size

    276KB

  • Sample

    241012-sgjfmswgje

  • MD5

    d398f9f726f678aa3ed5bdb344d46520

  • SHA1

    9d5a9756ba8225e95d8e6339de84a276ccc485d1

  • SHA256

    813098052174f8ce2e02e32f4595c2de8a74f3df22d26a91ab63f9b16870dbbd

  • SHA512

    48c6bd598af507aaed093a4087e93ac8674a55e8c48f8e13c2a3e7882b42a8f3b4f36b738f13aa695bb684cef9fe5e7f055a1a3cb78f0fa23aaa83dba6e2d76b

  • SSDEEP

    6144:QziBCYoO6WZ55NSdZMGXF5ahdt3rM8d7TtLa:UiBCnOGXFWtJ9O

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      813098052174f8ce2e02e32f4595c2de8a74f3df22d26a91ab63f9b16870dbbdN

    • Size

      276KB

    • MD5

      d398f9f726f678aa3ed5bdb344d46520

    • SHA1

      9d5a9756ba8225e95d8e6339de84a276ccc485d1

    • SHA256

      813098052174f8ce2e02e32f4595c2de8a74f3df22d26a91ab63f9b16870dbbd

    • SHA512

      48c6bd598af507aaed093a4087e93ac8674a55e8c48f8e13c2a3e7882b42a8f3b4f36b738f13aa695bb684cef9fe5e7f055a1a3cb78f0fa23aaa83dba6e2d76b

    • SSDEEP

      6144:QziBCYoO6WZ55NSdZMGXF5ahdt3rM8d7TtLa:UiBCnOGXFWtJ9O

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks