Overview

overview

10

Static

static

3

2ea807b58e...3N.exe

windows7-x64

10

2ea807b58e...3N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2ea807b58ee5dfc40efd9c93980f5fe397fa1f8d904b0138c87ca925e57f4a83N

  • Size

    844KB

  • Sample

    241013-mjzyhswgrk

  • MD5

    dd512177a47d64e3ffb599f003451b20

  • SHA1

    34b58bf7bfcbf34ef6b63ede37b9c370627d4d5e

  • SHA256

    2ea807b58ee5dfc40efd9c93980f5fe397fa1f8d904b0138c87ca925e57f4a83

  • SHA512

    cdd1ff6cf92dbb470e05c2e22b861856691a88e715a3baf4fbea03e718b9d8c1cc8fe8d7813b409a1155da3bd876d143c07777e8983e79af4166f10061bb8307

  • SSDEEP

    24576:SO9H5W3Tnbc53cp6p5vihMpQnqrdX72LbY6x46uR/qYglMS:SO9H5W3TbGBihw+cdX2x46uhqllMS

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      2ea807b58ee5dfc40efd9c93980f5fe397fa1f8d904b0138c87ca925e57f4a83N

    • Size

      844KB

    • MD5

      dd512177a47d64e3ffb599f003451b20

    • SHA1

      34b58bf7bfcbf34ef6b63ede37b9c370627d4d5e

    • SHA256

      2ea807b58ee5dfc40efd9c93980f5fe397fa1f8d904b0138c87ca925e57f4a83

    • SHA512

      cdd1ff6cf92dbb470e05c2e22b861856691a88e715a3baf4fbea03e718b9d8c1cc8fe8d7813b409a1155da3bd876d143c07777e8983e79af4166f10061bb8307

    • SSDEEP

      24576:SO9H5W3Tnbc53cp6p5vihMpQnqrdX72LbY6x46uR/qYglMS:SO9H5W3TbGBihw+cdX2x46uhqllMS

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks