Overview

overview

10

Static

static

3

0a5780e8fa...7N.exe

windows7-x64

10

0a5780e8fa...7N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0a5780e8fa43fef0f197927bfc73d3f517102afe6bfc35b219a9d41a7f434d37N

  • Size

    96KB

  • Sample

    241013-s1c3zaybrn

  • MD5

    8d376d338521ab9da95e13906956ea20

  • SHA1

    626a276a5d9a01fc6b7fb4b6f46ebb54af7b2bd5

  • SHA256

    0a5780e8fa43fef0f197927bfc73d3f517102afe6bfc35b219a9d41a7f434d37

  • SHA512

    2f0380882ba578c416a21e7983f0032a6d0ab30404ef844b27e8aa2b2147fc571922d85670a7ae5fa1229712f98d6ea9dbbc0ac2e08010971046996c7a9810c0

  • SSDEEP

    1536:lCA7y9BPJGuLWM3WZSKTGPbqajZOICx4haxD0MyM/u21EkqYCCduV9jojTIvjrH:4AePkuLWvSKieDv40gJM/EkWCd69jc0X

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0a5780e8fa43fef0f197927bfc73d3f517102afe6bfc35b219a9d41a7f434d37N

    • Size

      96KB

    • MD5

      8d376d338521ab9da95e13906956ea20

    • SHA1

      626a276a5d9a01fc6b7fb4b6f46ebb54af7b2bd5

    • SHA256

      0a5780e8fa43fef0f197927bfc73d3f517102afe6bfc35b219a9d41a7f434d37

    • SHA512

      2f0380882ba578c416a21e7983f0032a6d0ab30404ef844b27e8aa2b2147fc571922d85670a7ae5fa1229712f98d6ea9dbbc0ac2e08010971046996c7a9810c0

    • SSDEEP

      1536:lCA7y9BPJGuLWM3WZSKTGPbqajZOICx4haxD0MyM/u21EkqYCCduV9jojTIvjrH:4AePkuLWvSKieDv40gJM/EkWCd69jc0X

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks