Overview

overview

10

Static

static

3

692afa023f...fe.exe

windows7-x64

10

692afa023f...fe.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    692afa023fd6ef6e5a2a74b922fef524a377a7ac3396c66bbb7302ecfd6354fe.exe

  • Size

    96KB

  • Sample

    241120-egn48szpbv

  • MD5

    4c846c2516b746fa1e5963f679dfb2c4

  • SHA1

    9cb2ed803bf126a4d54e43740a22ef66bc998e22

  • SHA256

    692afa023fd6ef6e5a2a74b922fef524a377a7ac3396c66bbb7302ecfd6354fe

  • SHA512

    1ff76d0e68d9cfe38930e5cc0e1c9500760588a495ae50e8b03fb373c19226f1d0afcaa291cd753097e247607687df7080d9c10f779e1d51de8a402043f44c95

  • SSDEEP

    1536:iXv9/P7/VZkayM3xyZ9gKFS3shR444444444444444444444444444444444Ay4c:iFn7fB3ygKLR15OmCCMyELiAHONdu

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      692afa023fd6ef6e5a2a74b922fef524a377a7ac3396c66bbb7302ecfd6354fe.exe

    • Size

      96KB

    • MD5

      4c846c2516b746fa1e5963f679dfb2c4

    • SHA1

      9cb2ed803bf126a4d54e43740a22ef66bc998e22

    • SHA256

      692afa023fd6ef6e5a2a74b922fef524a377a7ac3396c66bbb7302ecfd6354fe

    • SHA512

      1ff76d0e68d9cfe38930e5cc0e1c9500760588a495ae50e8b03fb373c19226f1d0afcaa291cd753097e247607687df7080d9c10f779e1d51de8a402043f44c95

    • SSDEEP

      1536:iXv9/P7/VZkayM3xyZ9gKFS3shR444444444444444444444444444444444Ay4c:iFn7fB3ygKLR15OmCCMyELiAHONdu

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks