Overview

overview

10

Static

static

3

486e81b27a...36.exe

windows7-x64

10

486e81b27a...36.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    486e81b27a74a40788ae24bf4418e33824e83f9418d0e9c6a85c1a40e1373c36

  • Size

    74KB

  • Sample

    241014-1gbd2axfna

  • MD5

    a8287c246f50bc88230dd2b50d244ec1

  • SHA1

    254df67136f7241acab79d3a97f3307225379730

  • SHA256

    486e81b27a74a40788ae24bf4418e33824e83f9418d0e9c6a85c1a40e1373c36

  • SHA512

    d5f7b496234d336d020b7f8b79b4887e6ea246ee14ac1ddfccfa5fbc0eb64e8ce5d523a23aa7a29af7d8ebdefaa015507b118e436a79f792e8c4f7a2f775cf8e

  • SSDEEP

    1536:Dgz/7BUguLJShKWg1yKp5q/YQPED0clqNQ7Id0W5p:GjBNuLExU5q/NPfc8SXW5p

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      486e81b27a74a40788ae24bf4418e33824e83f9418d0e9c6a85c1a40e1373c36

    • Size

      74KB

    • MD5

      a8287c246f50bc88230dd2b50d244ec1

    • SHA1

      254df67136f7241acab79d3a97f3307225379730

    • SHA256

      486e81b27a74a40788ae24bf4418e33824e83f9418d0e9c6a85c1a40e1373c36

    • SHA512

      d5f7b496234d336d020b7f8b79b4887e6ea246ee14ac1ddfccfa5fbc0eb64e8ce5d523a23aa7a29af7d8ebdefaa015507b118e436a79f792e8c4f7a2f775cf8e

    • SSDEEP

      1536:Dgz/7BUguLJShKWg1yKp5q/YQPED0clqNQ7Id0W5p:GjBNuLExU5q/NPfc8SXW5p

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks