Overview

overview

10

Static

static

10

27b1953e1f...5N.exe

windows7-x64

10

27b1953e1f...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27b1953e1f9f16777be54e55694db1a73a9a9b319211222844865cfdd52b4455N.exe

  • Size

    276KB

  • Sample

    241119-s1x35sxmhz

  • MD5

    3db136d31ddc20634bdbeef294a54c30

  • SHA1

    aa00bf2fa6db97ec3cd5dc95db1de850131a8c34

  • SHA256

    27b1953e1f9f16777be54e55694db1a73a9a9b319211222844865cfdd52b4455

  • SHA512

    f3506a3fd10c54deb604bf6642747810264e92a8bb6a8d7fcddd07b88f9d46f48a163348c507e81bd2f321e6d6599b3991799600971ebb148d48ee449c54859f

  • SSDEEP

    3072:+KhyNCq8NQYyMhl63M9XeS5pAgYIqGvJ6887lbyMGjXF1kqaholmtbCQVDrM8d7w:cNCqwnTXdZMGXF5ahdt3rM8d7TtLa

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      27b1953e1f9f16777be54e55694db1a73a9a9b319211222844865cfdd52b4455N.exe

    • Size

      276KB

    • MD5

      3db136d31ddc20634bdbeef294a54c30

    • SHA1

      aa00bf2fa6db97ec3cd5dc95db1de850131a8c34

    • SHA256

      27b1953e1f9f16777be54e55694db1a73a9a9b319211222844865cfdd52b4455

    • SHA512

      f3506a3fd10c54deb604bf6642747810264e92a8bb6a8d7fcddd07b88f9d46f48a163348c507e81bd2f321e6d6599b3991799600971ebb148d48ee449c54859f

    • SSDEEP

      3072:+KhyNCq8NQYyMhl63M9XeS5pAgYIqGvJ6887lbyMGjXF1kqaholmtbCQVDrM8d7w:cNCqwnTXdZMGXF5ahdt3rM8d7TtLa

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks