Overview

overview

10

Static

static

3

0f75fca874...9e.exe

windows7-x64

10

0f75fca874...9e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f75fca87422f65add8e918dc6fcf99215b225161b976086ac84b9991e6c639e.exe

  • Size

    96KB

  • Sample

    241119-syhwfaxfne

  • MD5

    d1bd5e33bb7e8ec3e6b13c7bf58fb728

  • SHA1

    8108b604e42775624ac32a9e2cfb401b26860773

  • SHA256

    0f75fca87422f65add8e918dc6fcf99215b225161b976086ac84b9991e6c639e

  • SHA512

    13248975ac0c1b5525c0ff602394b27053d7542ef79c2a95555a3acdf9d51843befbcd3315dbfab3f26e5c0aed10e947d9c4761bcae899f99d2cfdb5c2677c67

  • SSDEEP

    1536:kMDBnr7P0FJ1P1kb9/O3SEhvQ8B3HOo88QduV9jojTIvjrl:Hnfe15ZJXZZQd69jc0vt

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0f75fca87422f65add8e918dc6fcf99215b225161b976086ac84b9991e6c639e.exe

    • Size

      96KB

    • MD5

      d1bd5e33bb7e8ec3e6b13c7bf58fb728

    • SHA1

      8108b604e42775624ac32a9e2cfb401b26860773

    • SHA256

      0f75fca87422f65add8e918dc6fcf99215b225161b976086ac84b9991e6c639e

    • SHA512

      13248975ac0c1b5525c0ff602394b27053d7542ef79c2a95555a3acdf9d51843befbcd3315dbfab3f26e5c0aed10e947d9c4761bcae899f99d2cfdb5c2677c67

    • SSDEEP

      1536:kMDBnr7P0FJ1P1kb9/O3SEhvQ8B3HOo88QduV9jojTIvjrl:Hnfe15ZJXZZQd69jc0vt

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks