Overview

overview

10

Static

static

3

29cd6eb38b...9N.exe

windows7-x64

10

29cd6eb38b...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29cd6eb38bfeb72cc46c7b8c00b5b4657f48f8e5e1a579d08a7a55f2e8e5e029N.exe

  • Size

    80KB

  • Sample

    241119-lty9asynfj

  • MD5

    779560e731985e4d52b7015477242800

  • SHA1

    0908fcb263ec165bf9120831e3b722e057931064

  • SHA256

    29cd6eb38bfeb72cc46c7b8c00b5b4657f48f8e5e1a579d08a7a55f2e8e5e029

  • SHA512

    a8abe0958ffd7db26d4b2719865465aee49f267682f2024b8c43da8db14be597248fb6b7cb48f8cd2054068d4cdbaa52ad5a879d575cffbeacfb3328bef29c53

  • SSDEEP

    1536:QWNKrSMvdHxw4Zf6KGsJ4A6tIHfv2NZHSwWPTFeJuqnhCX:QsASMvzw4ZfHGm44X2NhSwWPTFeJLCX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      29cd6eb38bfeb72cc46c7b8c00b5b4657f48f8e5e1a579d08a7a55f2e8e5e029N.exe

    • Size

      80KB

    • MD5

      779560e731985e4d52b7015477242800

    • SHA1

      0908fcb263ec165bf9120831e3b722e057931064

    • SHA256

      29cd6eb38bfeb72cc46c7b8c00b5b4657f48f8e5e1a579d08a7a55f2e8e5e029

    • SHA512

      a8abe0958ffd7db26d4b2719865465aee49f267682f2024b8c43da8db14be597248fb6b7cb48f8cd2054068d4cdbaa52ad5a879d575cffbeacfb3328bef29c53

    • SSDEEP

      1536:QWNKrSMvdHxw4Zf6KGsJ4A6tIHfv2NZHSwWPTFeJuqnhCX:QsASMvzw4ZfHGm44X2NhSwWPTFeJLCX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks