Overview

overview

10

Static

static

3

b9f14b9d40...dN.exe

windows7-x64

10

b9f14b9d40...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b9f14b9d403f134b90d451e29dabdb030d23548e9453fc390a181242f507ad4dN

  • Size

    74KB

  • Sample

    241017-w27whs1hjq

  • MD5

    5de4a0a4490885184259f6bd112e2c50

  • SHA1

    85533c12362253f6efe7a29b11ac5456c2b658bc

  • SHA256

    b9f14b9d403f134b90d451e29dabdb030d23548e9453fc390a181242f507ad4d

  • SHA512

    63bac38a41cd2c0c0c5b74a79de3a1468b2ad476608b384e2916c34ed960a3afa7cccf32f36d54dc91a739e1f0f7c714900d5ca0850881a5f1cd9381739e8a86

  • SSDEEP

    1536:1O7iCl2YGY/K3xNhEwrrdYcZlec3E4xemjtyNzlu:1OBAYY3nhEwrrdtBFxemjtyNz0

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b9f14b9d403f134b90d451e29dabdb030d23548e9453fc390a181242f507ad4dN

    • Size

      74KB

    • MD5

      5de4a0a4490885184259f6bd112e2c50

    • SHA1

      85533c12362253f6efe7a29b11ac5456c2b658bc

    • SHA256

      b9f14b9d403f134b90d451e29dabdb030d23548e9453fc390a181242f507ad4d

    • SHA512

      63bac38a41cd2c0c0c5b74a79de3a1468b2ad476608b384e2916c34ed960a3afa7cccf32f36d54dc91a739e1f0f7c714900d5ca0850881a5f1cd9381739e8a86

    • SSDEEP

      1536:1O7iCl2YGY/K3xNhEwrrdYcZlec3E4xemjtyNzlu:1OBAYY3nhEwrrdtBFxemjtyNz0

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks