Overview

overview

10

Static

static

10

0934b29e19...0e.exe

windows7-x64

10

0934b29e19...0e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0934b29e195e6f8ce5af358e762e2ed2de0fc3a94667af17297bfb67228f790e

  • Size

    108KB

  • Sample

    241119-x22vyavrhr

  • MD5

    f300afde058177d70621090ebd0a542b

  • SHA1

    57c106d6909e8f4e1cb58e7decd275fe094b1270

  • SHA256

    0934b29e195e6f8ce5af358e762e2ed2de0fc3a94667af17297bfb67228f790e

  • SHA512

    58f367c984d2cc3dc8571bee8e1acb1d668737b04aab9a66314d822076c42d823e123ac172d4453590ddd52bb1dc61ed81cd54735c7241502427bfca800b0833

  • SSDEEP

    3072:dmNatrj4wmepCbrarDjUFcFmKcUsvKwF:dKa5jxnCbrwnwUs

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0934b29e195e6f8ce5af358e762e2ed2de0fc3a94667af17297bfb67228f790e

    • Size

      108KB

    • MD5

      f300afde058177d70621090ebd0a542b

    • SHA1

      57c106d6909e8f4e1cb58e7decd275fe094b1270

    • SHA256

      0934b29e195e6f8ce5af358e762e2ed2de0fc3a94667af17297bfb67228f790e

    • SHA512

      58f367c984d2cc3dc8571bee8e1acb1d668737b04aab9a66314d822076c42d823e123ac172d4453590ddd52bb1dc61ed81cd54735c7241502427bfca800b0833

    • SSDEEP

      3072:dmNatrj4wmepCbrarDjUFcFmKcUsvKwF:dKa5jxnCbrwnwUs

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks