Overview

overview

10

Static

static

3

219b11b766...98.exe

windows7-x64

10

219b11b766...98.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    219b11b76671b8c0265995a6752dab82cc9c916bae9d512b33ccfff386efef98

  • Size

    72KB

  • Sample

    241017-x1t4ps1fjd

  • MD5

    29dd95d890ba0d2d6f5ea8920dfbcc3c

  • SHA1

    7d2c43b37e66faeb6f3307b021dc7ca366206943

  • SHA256

    219b11b76671b8c0265995a6752dab82cc9c916bae9d512b33ccfff386efef98

  • SHA512

    8105c24e2a7dee4d3b357a0601666c30019f2ed548704bb5d773fa198332c49c0f33a595843b5ee38613b5bc5bc9c3cadd2eadf9c1c6cbc545f42572de782f05

  • SSDEEP

    1536:xHfUe94ov48rpxMZrD55P/Cf8mVjhdw0LvV41a0B9q:ue94m7MZrDPINZh0amc

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      219b11b76671b8c0265995a6752dab82cc9c916bae9d512b33ccfff386efef98

    • Size

      72KB

    • MD5

      29dd95d890ba0d2d6f5ea8920dfbcc3c

    • SHA1

      7d2c43b37e66faeb6f3307b021dc7ca366206943

    • SHA256

      219b11b76671b8c0265995a6752dab82cc9c916bae9d512b33ccfff386efef98

    • SHA512

      8105c24e2a7dee4d3b357a0601666c30019f2ed548704bb5d773fa198332c49c0f33a595843b5ee38613b5bc5bc9c3cadd2eadf9c1c6cbc545f42572de782f05

    • SSDEEP

      1536:xHfUe94ov48rpxMZrD55P/Cf8mVjhdw0LvV41a0B9q:ue94m7MZrDPINZh0amc

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks