Overview

overview

10

Static

static

3

35b4e59cc4...3b.exe

windows7-x64

10

35b4e59cc4...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    35b4e59cc464f6aa931a877e795102b1ec9e3c96bf914457bfc29dabe58d0e3b.exe

  • Size

    161KB

  • Sample

    241119-p6zmdawdjg

  • MD5

    22fea7738a7a029b3525a70d15b6b0a3

  • SHA1

    9e14cf7915130c49ea878428e7a172507f2b0e1a

  • SHA256

    35b4e59cc464f6aa931a877e795102b1ec9e3c96bf914457bfc29dabe58d0e3b

  • SHA512

    a0b24e1a764bcfeaf9aa5eede83fdb1b64eca610341e46e2d1be8e0085b983349d0a1674f6dd566a72a36a7f392c38ca9cf3a05874d0ea7332749ff576203bb3

  • SSDEEP

    3072:M/uHSuKKeuExyZs9XXWjkTvWsAFrekCVwtCJXeex7rrIRZK8K8/kv9:SKeuZ+XRvWgkCVwtmeetrIyR9

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      35b4e59cc464f6aa931a877e795102b1ec9e3c96bf914457bfc29dabe58d0e3b.exe

    • Size

      161KB

    • MD5

      22fea7738a7a029b3525a70d15b6b0a3

    • SHA1

      9e14cf7915130c49ea878428e7a172507f2b0e1a

    • SHA256

      35b4e59cc464f6aa931a877e795102b1ec9e3c96bf914457bfc29dabe58d0e3b

    • SHA512

      a0b24e1a764bcfeaf9aa5eede83fdb1b64eca610341e46e2d1be8e0085b983349d0a1674f6dd566a72a36a7f392c38ca9cf3a05874d0ea7332749ff576203bb3

    • SSDEEP

      3072:M/uHSuKKeuExyZs9XXWjkTvWsAFrekCVwtCJXeex7rrIRZK8K8/kv9:SKeuZ+XRvWgkCVwtmeetrIyR9

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks