Overview

overview

10

Static

static

3

f48fe49dd2...8f.exe

windows7-x64

10

f48fe49dd2...8f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f48fe49dd2a70a60f858d76174ef6f3875046809b20e86ff4e782c01452e568f

  • Size

    96KB

  • Sample

    241013-fvtgjsvejk

  • MD5

    90ac8789f6f38f67e1e5c20432bf5bf6

  • SHA1

    064a53eb03fa3001d792c34fe4ef119b3b435be3

  • SHA256

    f48fe49dd2a70a60f858d76174ef6f3875046809b20e86ff4e782c01452e568f

  • SHA512

    cc91ddb85bec137551c5095e5ce8804e64d58b71c903858325e27ce0017cf324b950f9895f1a806c3d2c4573936e0e1e6de5c440b425cbb682c80bab3b845247

  • SSDEEP

    1536:rjYYsVAMv2khBh01CbIgH66LVVIXLuBAPzJniCY3hqFOKP49HvQOduV9jojTIvj7:r5FfkvrWCmz4xAf4oOd69jc0vf

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f48fe49dd2a70a60f858d76174ef6f3875046809b20e86ff4e782c01452e568f

    • Size

      96KB

    • MD5

      90ac8789f6f38f67e1e5c20432bf5bf6

    • SHA1

      064a53eb03fa3001d792c34fe4ef119b3b435be3

    • SHA256

      f48fe49dd2a70a60f858d76174ef6f3875046809b20e86ff4e782c01452e568f

    • SHA512

      cc91ddb85bec137551c5095e5ce8804e64d58b71c903858325e27ce0017cf324b950f9895f1a806c3d2c4573936e0e1e6de5c440b425cbb682c80bab3b845247

    • SSDEEP

      1536:rjYYsVAMv2khBh01CbIgH66LVVIXLuBAPzJniCY3hqFOKP49HvQOduV9jojTIvj7:r5FfkvrWCmz4xAf4oOd69jc0vf

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks