Overview

overview

10

Static

static

3

1d649049fa...5N.exe

windows7-x64

10

1d649049fa...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d649049fae4ee11fc8abf8e7da6d98d486f6880ad71be56e04aca07464b1825N.exe

  • Size

    960KB

  • Sample

    241120-c5vktazblj

  • MD5

    f3679f54c4721ebdcf539f0b6bd6f320

  • SHA1

    71a61a26a194a4de4d054998fbf9c7b572bd21d3

  • SHA256

    1d649049fae4ee11fc8abf8e7da6d98d486f6880ad71be56e04aca07464b1825

  • SHA512

    01488eaa8ba5c8b754def1717a0529f3879fc840914cb4b5a03c35535ae2cef5d6b153039252260cfe9aafe686c80abb050afffd187d653c9bb2e720a20e16e3

  • SSDEEP

    12288:ooGB80mkY660fIaDZkY660f8jTK/XhdAwlt01PBExKN4P6IfKTLR+6CwU+:OBlmgsaDZgQjGkwlks/6Ht

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1d649049fae4ee11fc8abf8e7da6d98d486f6880ad71be56e04aca07464b1825N.exe

    • Size

      960KB

    • MD5

      f3679f54c4721ebdcf539f0b6bd6f320

    • SHA1

      71a61a26a194a4de4d054998fbf9c7b572bd21d3

    • SHA256

      1d649049fae4ee11fc8abf8e7da6d98d486f6880ad71be56e04aca07464b1825

    • SHA512

      01488eaa8ba5c8b754def1717a0529f3879fc840914cb4b5a03c35535ae2cef5d6b153039252260cfe9aafe686c80abb050afffd187d653c9bb2e720a20e16e3

    • SSDEEP

      12288:ooGB80mkY660fIaDZkY660f8jTK/XhdAwlt01PBExKN4P6IfKTLR+6CwU+:OBlmgsaDZgQjGkwlks/6Ht

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks