Overview

overview

10

Static

static

10

dcf0fbea9b...aN.exe

windows7-x64

10

dcf0fbea9b...aN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    dcf0fbea9b2e88d24dc4408db18566e77dc2487497aba7a7fa97861f5dc92b2aN

  • Size

    192KB

  • Sample

    241017-ypxwwswflp

  • MD5

    c545743c4a2a03dfc017e05021e89680

  • SHA1

    2a93e844e8272dae04f24e767b279b5716471c91

  • SHA256

    dcf0fbea9b2e88d24dc4408db18566e77dc2487497aba7a7fa97861f5dc92b2a

  • SHA512

    8ccda6e4b9538229b998587054a644700776b337ada4c12d7aa901543b3df4d708586fd0d7a00e074a5601011f1222f1dd45a5e33f314d6f822e30d38e0b97b9

  • SSDEEP

    3072:RNwk1Q5z3QN3TV5m5Ju63FQo7fnEBctcp/+wreVism:ReYQ5zAN3TV5m5Ju63FF7fPtcsw6U1

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      dcf0fbea9b2e88d24dc4408db18566e77dc2487497aba7a7fa97861f5dc92b2aN

    • Size

      192KB

    • MD5

      c545743c4a2a03dfc017e05021e89680

    • SHA1

      2a93e844e8272dae04f24e767b279b5716471c91

    • SHA256

      dcf0fbea9b2e88d24dc4408db18566e77dc2487497aba7a7fa97861f5dc92b2a

    • SHA512

      8ccda6e4b9538229b998587054a644700776b337ada4c12d7aa901543b3df4d708586fd0d7a00e074a5601011f1222f1dd45a5e33f314d6f822e30d38e0b97b9

    • SSDEEP

      3072:RNwk1Q5z3QN3TV5m5Ju63FQo7fnEBctcp/+wreVism:ReYQ5zAN3TV5m5Ju63FF7fPtcsw6U1

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks