Overview

overview

10

Static

static

3

c4dd5937a7...4N.exe

windows7-x64

10

c4dd5937a7...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4dd5937a75742cc4a316cac79e67010602853b675255e95bb5c613aa06ef944N

  • Size

    192KB

  • Sample

    241013-z3czbayerc

  • MD5

    f02ed7509cf784c09c8bf3df92a6c620

  • SHA1

    02d78f5229683ab24818f49d4ff58e09a599238e

  • SHA256

    c4dd5937a75742cc4a316cac79e67010602853b675255e95bb5c613aa06ef944

  • SHA512

    c0fc4976108a640c7da92ee12ecdb491efd4fbc89aa0ba6dd584ea4e9f91c941a530d1c9ed9cc80d8c307def2cb088d17adf3e3e5f79f0eca8ac2987c3e700d8

  • SSDEEP

    1536:HOaFzQH6B+4V6CzYmxX+hqABY7Ax+b1n+RoCQYQoXsBs6ARnouy8O6Nuf51TQmQJ:tV+Y6CLkI75UJQYmBs6ARoutkTy27zU

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c4dd5937a75742cc4a316cac79e67010602853b675255e95bb5c613aa06ef944N

    • Size

      192KB

    • MD5

      f02ed7509cf784c09c8bf3df92a6c620

    • SHA1

      02d78f5229683ab24818f49d4ff58e09a599238e

    • SHA256

      c4dd5937a75742cc4a316cac79e67010602853b675255e95bb5c613aa06ef944

    • SHA512

      c0fc4976108a640c7da92ee12ecdb491efd4fbc89aa0ba6dd584ea4e9f91c941a530d1c9ed9cc80d8c307def2cb088d17adf3e3e5f79f0eca8ac2987c3e700d8

    • SSDEEP

      1536:HOaFzQH6B+4V6CzYmxX+hqABY7Ax+b1n+RoCQYQoXsBs6ARnouy8O6Nuf51TQmQJ:tV+Y6CLkI75UJQYmBs6ARoutkTy27zU

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks