Overview

overview

10

Static

static

3

2f8be8a57e...8N.exe

windows7-x64

10

2f8be8a57e...8N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2f8be8a57e501c5897a6bd5cc5a4393b0ed3d4ffc778b299a6f5ba3b73d264a8N

  • Size

    128KB

  • Sample

    241012-zbdrjazdng

  • MD5

    6fd49220471fada281465951380c84b0

  • SHA1

    979511fc69095b6b63b64bbd95156a5b21e3197a

  • SHA256

    2f8be8a57e501c5897a6bd5cc5a4393b0ed3d4ffc778b299a6f5ba3b73d264a8

  • SHA512

    fec83932ed230775ab902b4772a9ce879e9448e8d683b4c149bb97b2d6060cff509541637e83bcacb78e9f96a390a43254bba001a80df280968747b4a6cf81e4

  • SSDEEP

    3072:1XeOB0NMuZiWjwnJo/O5BJDd1AZoUBW3FJeRuaWNXmgu+tB:1Xda7wnJoqxdWZHEFJ7aWN1B

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      2f8be8a57e501c5897a6bd5cc5a4393b0ed3d4ffc778b299a6f5ba3b73d264a8N

    • Size

      128KB

    • MD5

      6fd49220471fada281465951380c84b0

    • SHA1

      979511fc69095b6b63b64bbd95156a5b21e3197a

    • SHA256

      2f8be8a57e501c5897a6bd5cc5a4393b0ed3d4ffc778b299a6f5ba3b73d264a8

    • SHA512

      fec83932ed230775ab902b4772a9ce879e9448e8d683b4c149bb97b2d6060cff509541637e83bcacb78e9f96a390a43254bba001a80df280968747b4a6cf81e4

    • SSDEEP

      3072:1XeOB0NMuZiWjwnJo/O5BJDd1AZoUBW3FJeRuaWNXmgu+tB:1Xda7wnJoqxdWZHEFJ7aWN1B

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks