berbew | ebc667b2a05706815e1d9902aef0054bcb6732dba4fd9921fbec7eed89252a29 | Triage

Sharing

General

Target

ebc667b2a05706815e1d9902aef0054bcb6732dba4fd9921fbec7eed89252a29N.exe
Size

90KB
Sample

241120-fgm3lswmcl
MD5

13ea45202e3d20e8baed6c7550cf99b0
SHA1

56acc0c234b310b59d78aa6c0d2b7a7e4af7b411
SHA256

ebc667b2a05706815e1d9902aef0054bcb6732dba4fd9921fbec7eed89252a29
SHA512

5baa53d35635b80e0d9592808e5b4fa3b0b1608361aa44edc8170c87c505e7412f65f77a6e5cbe4f1214724a50b0c953c737c42aca0fd91a18b52579a02a2eb5
SSDEEP

1536:/kmu3cPUxrK8Fy3s+aQEj+9rbEtejJWVvfj9gyhGBjcfLhuIGku/Ub0VkVNK:leciK83/j+9rbBjJQPhmjW3Gku/Ub0+U

Score

10^/10

berbew backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

- Target
  
  ebc667b2a05706815e1d9902aef0054bcb6732dba4fd9921fbec7eed89252a29N.exe
- Size
  
  90KB
- MD5
  
  13ea45202e3d20e8baed6c7550cf99b0
- SHA1
  
  56acc0c234b310b59d78aa6c0d2b7a7e4af7b411
- SHA256
  
  ebc667b2a05706815e1d9902aef0054bcb6732dba4fd9921fbec7eed89252a29
- SHA512
  
  5baa53d35635b80e0d9592808e5b4fa3b0b1608361aa44edc8170c87c505e7412f65f77a6e5cbe4f1214724a50b0c953c737c42aca0fd91a18b52579a02a2eb5
- SSDEEP
  
  1536:/kmu3cPUxrK8Fy3s+aQEj+9rbEtejJWVvfj9gyhGBjcfLhuIGku/Ub0VkVNK:leciK83/j+9rbBjJQPhmjW3Gku/Ub0+U
Score

10^/10

berbew backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence

behavioral2

berbewbackdoordiscoverypersistence