Overview

overview

10

Static

static

3

866e49dd7b...fN.exe

windows7-x64

10

866e49dd7b...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    866e49dd7bfc0fb902f21e562abae1f3e7b611f614ddfaeb0566154dd48fe95fN

  • Size

    145KB

  • Sample

    241018-mzg3msshje

  • MD5

    1ad2a72cea00e3a68be2df98648b69b0

  • SHA1

    3ae19cab6b41ac81aed6319273c1777d03006d57

  • SHA256

    866e49dd7bfc0fb902f21e562abae1f3e7b611f614ddfaeb0566154dd48fe95f

  • SHA512

    f6cb186d716152f011d65ae2bd23563c8355d706c908fc3a246118426d0ec84e01ef655bd8286bea4a2cf08f8b58d9834afb82e4886c5387239564aba0a52e1f

  • SSDEEP

    1536:SJfHxbh79KqzoqCpgw0Yo991nJaKLmxxtdOvaTxNWNURonkWEF+t2KTn8+hAntZv:S3SUUrG1EKFvIxYKRonkWEh+h63

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      866e49dd7bfc0fb902f21e562abae1f3e7b611f614ddfaeb0566154dd48fe95fN

    • Size

      145KB

    • MD5

      1ad2a72cea00e3a68be2df98648b69b0

    • SHA1

      3ae19cab6b41ac81aed6319273c1777d03006d57

    • SHA256

      866e49dd7bfc0fb902f21e562abae1f3e7b611f614ddfaeb0566154dd48fe95f

    • SHA512

      f6cb186d716152f011d65ae2bd23563c8355d706c908fc3a246118426d0ec84e01ef655bd8286bea4a2cf08f8b58d9834afb82e4886c5387239564aba0a52e1f

    • SSDEEP

      1536:SJfHxbh79KqzoqCpgw0Yo991nJaKLmxxtdOvaTxNWNURonkWEF+t2KTn8+hAntZv:S3SUUrG1EKFvIxYKRonkWEh+h63

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks