Overview

overview

10

Static

static

3

acbd2a5fc2...9N.exe

windows7-x64

10

acbd2a5fc2...9N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    acbd2a5fc2374b15f9e97c10879da39c0aadad8ddebf52e80ba775393426f0f9N

  • Size

    72KB

  • Sample

    241017-1x2adsygpe

  • MD5

    4efd0e1586d08405cab85326d92ea460

  • SHA1

    1f28f186851c99eca4f3d05fe3d93d80071a8144

  • SHA256

    acbd2a5fc2374b15f9e97c10879da39c0aadad8ddebf52e80ba775393426f0f9

  • SHA512

    90d47a17181684562086b73e27db2a7bd18c43e41877057804f8fa2ecdb101eed455117e67a443f244e91b25ea24a8819643de6ca390148cb5fa76dc87125f1b

  • SSDEEP

    1536:Eqw7+2ifQGQ73ebrpWjaZvFhB6AacuY67ZZHRbb2Py7hI81:EfsOubrnT+clmZZxmPWO8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      acbd2a5fc2374b15f9e97c10879da39c0aadad8ddebf52e80ba775393426f0f9N

    • Size

      72KB

    • MD5

      4efd0e1586d08405cab85326d92ea460

    • SHA1

      1f28f186851c99eca4f3d05fe3d93d80071a8144

    • SHA256

      acbd2a5fc2374b15f9e97c10879da39c0aadad8ddebf52e80ba775393426f0f9

    • SHA512

      90d47a17181684562086b73e27db2a7bd18c43e41877057804f8fa2ecdb101eed455117e67a443f244e91b25ea24a8819643de6ca390148cb5fa76dc87125f1b

    • SSDEEP

      1536:Eqw7+2ifQGQ73ebrpWjaZvFhB6AacuY67ZZHRbb2Py7hI81:EfsOubrnT+clmZZxmPWO8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks