Overview

overview

10

Static

static

3

1a831241fc...8N.exe

windows7-x64

10

1a831241fc...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a831241fcbd0c856b68c2f49c085c289779e6503e8d73adf2fd4e188370b4e8N.exe

  • Size

    89KB

  • Sample

    241119-slbatsybnm

  • MD5

    5aa2adf71fd1947fc38c228b6b3a8a70

  • SHA1

    02eddf024a2bcdcdab65c1e3788ac2e5e8e8035c

  • SHA256

    1a831241fcbd0c856b68c2f49c085c289779e6503e8d73adf2fd4e188370b4e8

  • SHA512

    73c5cc5cd43ca41d6160e38068fe6004b1d277ffaa7fdb27ee7bc8d404775332fa60802df3f5ed2c8aed4a01395fb839be80571b0ce081e3118888d44f1797eb

  • SSDEEP

    1536:iJIFCTz9bQfT42nCGmg57kyx/PN/WLbcolExkg8F:icCWT42nCGrkIPELbcolakgw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1a831241fcbd0c856b68c2f49c085c289779e6503e8d73adf2fd4e188370b4e8N.exe

    • Size

      89KB

    • MD5

      5aa2adf71fd1947fc38c228b6b3a8a70

    • SHA1

      02eddf024a2bcdcdab65c1e3788ac2e5e8e8035c

    • SHA256

      1a831241fcbd0c856b68c2f49c085c289779e6503e8d73adf2fd4e188370b4e8

    • SHA512

      73c5cc5cd43ca41d6160e38068fe6004b1d277ffaa7fdb27ee7bc8d404775332fa60802df3f5ed2c8aed4a01395fb839be80571b0ce081e3118888d44f1797eb

    • SSDEEP

      1536:iJIFCTz9bQfT42nCGmg57kyx/PN/WLbcolExkg8F:icCWT42nCGrkIPELbcolakgw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks