Overview

overview

10

Static

static

3

f051088140...80.exe

windows7-x64

10

f051088140...80.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f051088140585649292d82390d8c78f3ddf761cc824fe9527b35883701a4c680.exe

  • Size

    296KB

  • Sample

    241120-dk6m1stqfk

  • MD5

    2fb8c88b64ed3d5b84fd0e0da733c4f6

  • SHA1

    f7650ad7c9a4da996f8ebf26172ad473aeb2f5d3

  • SHA256

    f051088140585649292d82390d8c78f3ddf761cc824fe9527b35883701a4c680

  • SHA512

    667c556dacb118079ad8e2e64be1decaca5f3012bdfb26f5fe0cf61b19786e91e5fb33098ab4d7fe680dcf6c6b9b4969b8ead7645d09fe1d1ad95f1ca8a16891

  • SSDEEP

    3072:m9pqU9CxwghNQfvS5SFQeDbRRePuVHzBARA1+6NhZ6P0c9fpxg6pg:s2xwsSf65QRReP+3NPKG6g

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f051088140585649292d82390d8c78f3ddf761cc824fe9527b35883701a4c680.exe

    • Size

      296KB

    • MD5

      2fb8c88b64ed3d5b84fd0e0da733c4f6

    • SHA1

      f7650ad7c9a4da996f8ebf26172ad473aeb2f5d3

    • SHA256

      f051088140585649292d82390d8c78f3ddf761cc824fe9527b35883701a4c680

    • SHA512

      667c556dacb118079ad8e2e64be1decaca5f3012bdfb26f5fe0cf61b19786e91e5fb33098ab4d7fe680dcf6c6b9b4969b8ead7645d09fe1d1ad95f1ca8a16891

    • SSDEEP

      3072:m9pqU9CxwghNQfvS5SFQeDbRRePuVHzBARA1+6NhZ6P0c9fpxg6pg:s2xwsSf65QRReP+3NPKG6g

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks