Overview

overview

10

Static

static

3

f134024659...75.exe

windows7-x64

10

f134024659...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f134024659041e9dea197f74b722108f5ec824b848607dcec16dfac08a1b2d75.exe

  • Size

    324KB

  • Sample

    241120-f4wy2asfnm

  • MD5

    8d2e0070d29b75338f8c9df3774dc5ce

  • SHA1

    c520a82473cc11a117c134e9ac44928aa22eec52

  • SHA256

    f134024659041e9dea197f74b722108f5ec824b848607dcec16dfac08a1b2d75

  • SHA512

    2db5f0cbdc5e1d43c51e242de67d457193881d2fb6d1f923c6e69042c64f1ef7646d4ac826cf5a6ce8a9f43ba87b905d2fcf8e3c9e96478773eb9e8098304120

  • SSDEEP

    6144:aJO07Yqc+lM49q13zd5IF6rfBBcVPINRFYpfZvT6zAWq6JMf3us8ws:hs/r9Yp5IFy5BcVPINRFYpfZvTmAWqeh

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f134024659041e9dea197f74b722108f5ec824b848607dcec16dfac08a1b2d75.exe

    • Size

      324KB

    • MD5

      8d2e0070d29b75338f8c9df3774dc5ce

    • SHA1

      c520a82473cc11a117c134e9ac44928aa22eec52

    • SHA256

      f134024659041e9dea197f74b722108f5ec824b848607dcec16dfac08a1b2d75

    • SHA512

      2db5f0cbdc5e1d43c51e242de67d457193881d2fb6d1f923c6e69042c64f1ef7646d4ac826cf5a6ce8a9f43ba87b905d2fcf8e3c9e96478773eb9e8098304120

    • SSDEEP

      6144:aJO07Yqc+lM49q13zd5IF6rfBBcVPINRFYpfZvT6zAWq6JMf3us8ws:hs/r9Yp5IFy5BcVPINRFYpfZvTmAWqeh

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks