Overview

overview

10

Static

static

3

a209580685...9N.exe

windows7-x64

10

a209580685...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a20958068522cba04b03f467e7b40c55ef0e1adf9e5ff16b411bd7952de6b8e9N

  • Size

    94KB

  • Sample

    241015-bkxc8szenk

  • MD5

    700412ae0f7c276364cc0c5e8cb45970

  • SHA1

    0c403a02f44cf7189aaa41a9b3cd4befdc71ac91

  • SHA256

    a20958068522cba04b03f467e7b40c55ef0e1adf9e5ff16b411bd7952de6b8e9

  • SHA512

    6287461b37581a22e7c75e53430305f5e3def96029f301cc4dab1d66678e8ece35c397ac300ad56f3bbd1c53b5d4c175aa6c03fb71f4819324918280ca88ebd0

  • SSDEEP

    1536:9gatqp77f660Oaee1SX8OV0RkSzbRPkssZZcKXwHh7ch3KYJ1nnxXRVkeyyVr3iw:u1e6XvsLkSRPvsZlX6hy339d3kremwcA

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a20958068522cba04b03f467e7b40c55ef0e1adf9e5ff16b411bd7952de6b8e9N

    • Size

      94KB

    • MD5

      700412ae0f7c276364cc0c5e8cb45970

    • SHA1

      0c403a02f44cf7189aaa41a9b3cd4befdc71ac91

    • SHA256

      a20958068522cba04b03f467e7b40c55ef0e1adf9e5ff16b411bd7952de6b8e9

    • SHA512

      6287461b37581a22e7c75e53430305f5e3def96029f301cc4dab1d66678e8ece35c397ac300ad56f3bbd1c53b5d4c175aa6c03fb71f4819324918280ca88ebd0

    • SSDEEP

      1536:9gatqp77f660Oaee1SX8OV0RkSzbRPkssZZcKXwHh7ch3KYJ1nnxXRVkeyyVr3iw:u1e6XvsLkSRPvsZlX6hy339d3kremwcA

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks