Overview

overview

10

Static

static

3

946fce8570...7e.exe

windows7-x64

10

946fce8570...7e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    946fce857092701750903603e83ed0ce6119f0e5b6133d59d07040b9d7e6ef7e.exe

  • Size

    96KB

  • Sample

    241120-f2lqaa1rct

  • MD5

    78aee5c19b06956a45f3cb222f8cd6ec

  • SHA1

    7cd92adf544743c3a594538cea874b754da24619

  • SHA256

    946fce857092701750903603e83ed0ce6119f0e5b6133d59d07040b9d7e6ef7e

  • SHA512

    1849b0e1ab5f46a44b1ab5da386d0d7ffd52aafafc8c2b84c5c907e312d6e9ab0682733674d22b3df8b809e40853a16f340757d86478d1ea5b8822e8ba7d189f

  • SSDEEP

    1536:nYXDlYC/kjjEU1hOUkjvbbLnZlX9rCIADvhNduV9jojTIvjrl:nYXDqakjBhO3fbKvhNd69jc0vt

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      946fce857092701750903603e83ed0ce6119f0e5b6133d59d07040b9d7e6ef7e.exe

    • Size

      96KB

    • MD5

      78aee5c19b06956a45f3cb222f8cd6ec

    • SHA1

      7cd92adf544743c3a594538cea874b754da24619

    • SHA256

      946fce857092701750903603e83ed0ce6119f0e5b6133d59d07040b9d7e6ef7e

    • SHA512

      1849b0e1ab5f46a44b1ab5da386d0d7ffd52aafafc8c2b84c5c907e312d6e9ab0682733674d22b3df8b809e40853a16f340757d86478d1ea5b8822e8ba7d189f

    • SSDEEP

      1536:nYXDlYC/kjjEU1hOUkjvbbLnZlX9rCIADvhNduV9jojTIvjrl:nYXDqakjBhO3fbKvhNd69jc0vt

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks