Overview

overview

10

Static

static

3

d9ba879999...1N.exe

windows7-x64

10

d9ba879999...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d9ba879999eb82b5de325c9d3a6ee62bc40581f1cfaf357cd07567efafa63dd1N.exe

  • Size

    98KB

  • Sample

    241119-panj8swfrq

  • MD5

    c9c4dbaee5cdb45b44cc87b982f97550

  • SHA1

    26d29382b030f19a34178e3520fdb885a56944d8

  • SHA256

    d9ba879999eb82b5de325c9d3a6ee62bc40581f1cfaf357cd07567efafa63dd1

  • SHA512

    0c22f0599dd1f4c64f035a24e8918360464313c67605bb3663acbdc45788e7e45d1b7446e00aa8e882c8ae8da4fdbab74918a7d11ec2eae52534c28f2da2825e

  • SSDEEP

    3072:a5ooDWf8O5vMWMEymb0EieFKPD375lHzpa1P:o7whZwEieYr75lHzpaF

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d9ba879999eb82b5de325c9d3a6ee62bc40581f1cfaf357cd07567efafa63dd1N.exe

    • Size

      98KB

    • MD5

      c9c4dbaee5cdb45b44cc87b982f97550

    • SHA1

      26d29382b030f19a34178e3520fdb885a56944d8

    • SHA256

      d9ba879999eb82b5de325c9d3a6ee62bc40581f1cfaf357cd07567efafa63dd1

    • SHA512

      0c22f0599dd1f4c64f035a24e8918360464313c67605bb3663acbdc45788e7e45d1b7446e00aa8e882c8ae8da4fdbab74918a7d11ec2eae52534c28f2da2825e

    • SSDEEP

      3072:a5ooDWf8O5vMWMEymb0EieFKPD375lHzpa1P:o7whZwEieYr75lHzpaF

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks