Overview

overview

10

Static

static

3

85ce414ba7...17.exe

windows7-x64

10

85ce414ba7...17.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    85ce414ba799d5902a329859d56d43a61b655616f20eb86c06263ef77d2e6617

  • Size

    74KB

  • Sample

    241015-bwbkxaxald

  • MD5

    99dda94747dc31c236231d889e2db65e

  • SHA1

    89195853fb77792a3a8b80a4141e4d821842a12c

  • SHA256

    85ce414ba799d5902a329859d56d43a61b655616f20eb86c06263ef77d2e6617

  • SHA512

    5e4ed0188a18d2a6976829577b96d25e7351d2738b3bc83e8d7a3313dfeaf1c117a1859856fb72642215b7aba2268336b37700fa006dc8278fb7e390b43488e3

  • SSDEEP

    1536:1ulZBT8PMTPQxNEddphPOqLmmGtSWNzRvp:CjQ0TIPEGq3hW1Rvp

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      85ce414ba799d5902a329859d56d43a61b655616f20eb86c06263ef77d2e6617

    • Size

      74KB

    • MD5

      99dda94747dc31c236231d889e2db65e

    • SHA1

      89195853fb77792a3a8b80a4141e4d821842a12c

    • SHA256

      85ce414ba799d5902a329859d56d43a61b655616f20eb86c06263ef77d2e6617

    • SHA512

      5e4ed0188a18d2a6976829577b96d25e7351d2738b3bc83e8d7a3313dfeaf1c117a1859856fb72642215b7aba2268336b37700fa006dc8278fb7e390b43488e3

    • SSDEEP

      1536:1ulZBT8PMTPQxNEddphPOqLmmGtSWNzRvp:CjQ0TIPEGq3hW1Rvp

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks