Overview

overview

10

Static

static

3

b5ecfc442f...dc.exe

windows7-x64

10

b5ecfc442f...dc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b5ecfc442fdc0b09a043c3d9e3c53163706f3f09de58f5d51f0e5bdf9c2389dc

  • Size

    74KB

  • Sample

    241015-ef1fwaxelr

  • MD5

    a164506da8a983a6bdb53ed32e9a986e

  • SHA1

    d09e0d26f0f8446f48a45b3fa5cb27c8c1c677a0

  • SHA256

    b5ecfc442fdc0b09a043c3d9e3c53163706f3f09de58f5d51f0e5bdf9c2389dc

  • SHA512

    846bb8fd995886111da6ad53e7facde1d710d6ff83a236273e4563041feab06bbbeaac940b3c4a4d4521edc374ba49a3e8c021ba0f606616cca832fa3883cabf

  • SSDEEP

    768:OgkHDI1LU6OErZ+NsfHjL64em97lTfbl9XUcm4JBO/zthgvqtCZpSoBc2Ziytw0M:uU1LZ+Nsf7em97lFmBwgoBpe0UrQQ7fp

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b5ecfc442fdc0b09a043c3d9e3c53163706f3f09de58f5d51f0e5bdf9c2389dc

    • Size

      74KB

    • MD5

      a164506da8a983a6bdb53ed32e9a986e

    • SHA1

      d09e0d26f0f8446f48a45b3fa5cb27c8c1c677a0

    • SHA256

      b5ecfc442fdc0b09a043c3d9e3c53163706f3f09de58f5d51f0e5bdf9c2389dc

    • SHA512

      846bb8fd995886111da6ad53e7facde1d710d6ff83a236273e4563041feab06bbbeaac940b3c4a4d4521edc374ba49a3e8c021ba0f606616cca832fa3883cabf

    • SSDEEP

      768:OgkHDI1LU6OErZ+NsfHjL64em97lTfbl9XUcm4JBO/zthgvqtCZpSoBc2Ziytw0M:uU1LZ+Nsf7em97lFmBwgoBpe0UrQQ7fp

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks