Overview

overview

10

Static

static

3

bd8de4be17...fN.exe

windows7-x64

10

bd8de4be17...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd8de4be174c0895ffcf9d78f45ebd4db51b9ec5b7e2786bc27f58001603bb9fN

  • Size

    128KB

  • Sample

    241015-hgmsysvaln

  • MD5

    b5d89fbc92843425244b0c79292c45e0

  • SHA1

    bc83d2fc80a96c73efc911a0616a95a370f4d9db

  • SHA256

    bd8de4be174c0895ffcf9d78f45ebd4db51b9ec5b7e2786bc27f58001603bb9f

  • SHA512

    85c366bdadf0bd13f037592b9de34515cab9d0635bbc128adb1d90c7568ee0a8f52fbcceed86704cd36256348ab4bb0b0c7f67e114ce6382cb0f4aff23ab27a5

  • SSDEEP

    3072:YGw5hH4UhVMgAexyn+0Dd1AZoUBW3FJeRuaWNXmgu+tB:sfhIuG+GdWZHEFJ7aWN1B

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      bd8de4be174c0895ffcf9d78f45ebd4db51b9ec5b7e2786bc27f58001603bb9fN

    • Size

      128KB

    • MD5

      b5d89fbc92843425244b0c79292c45e0

    • SHA1

      bc83d2fc80a96c73efc911a0616a95a370f4d9db

    • SHA256

      bd8de4be174c0895ffcf9d78f45ebd4db51b9ec5b7e2786bc27f58001603bb9f

    • SHA512

      85c366bdadf0bd13f037592b9de34515cab9d0635bbc128adb1d90c7568ee0a8f52fbcceed86704cd36256348ab4bb0b0c7f67e114ce6382cb0f4aff23ab27a5

    • SSDEEP

      3072:YGw5hH4UhVMgAexyn+0Dd1AZoUBW3FJeRuaWNXmgu+tB:sfhIuG+GdWZHEFJ7aWN1B

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks