Overview

overview

10

Static

static

3

8954619d79...0N.exe

windows7-x64

10

8954619d79...0N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    8954619d79c9a22164a36d88b6367d5cf16b668e5b999bc4041a43b0e3b4fa90N

  • Size

    72KB

  • Sample

    241018-nw3qlsxfql

  • MD5

    763736a17df0ba106b6f98d2c3404360

  • SHA1

    36a95596ffe9a7d72e6f390e58b0e10f80f7dcf6

  • SHA256

    8954619d79c9a22164a36d88b6367d5cf16b668e5b999bc4041a43b0e3b4fa90

  • SHA512

    4518889bda2c15a2a7de6803d1073f2387a751974cc68e7eeabc79c851a87b76b65eede22a17accb0f2dda2baf0a06a01460ea9bcabe9d8a6b946930c695033a

  • SSDEEP

    1536:Opv53JcGYjk7awr1l/xZN4FmNvo05ifLHaRa75Hy1Ue5/T6O:kR3Cjsrv/xZMi3WLHaRa75kUeP

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8954619d79c9a22164a36d88b6367d5cf16b668e5b999bc4041a43b0e3b4fa90N

    • Size

      72KB

    • MD5

      763736a17df0ba106b6f98d2c3404360

    • SHA1

      36a95596ffe9a7d72e6f390e58b0e10f80f7dcf6

    • SHA256

      8954619d79c9a22164a36d88b6367d5cf16b668e5b999bc4041a43b0e3b4fa90

    • SHA512

      4518889bda2c15a2a7de6803d1073f2387a751974cc68e7eeabc79c851a87b76b65eede22a17accb0f2dda2baf0a06a01460ea9bcabe9d8a6b946930c695033a

    • SSDEEP

      1536:Opv53JcGYjk7awr1l/xZN4FmNvo05ifLHaRa75Hy1Ue5/T6O:kR3Cjsrv/xZMi3WLHaRa75kUeP

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks