Overview

overview

10

Static

static

3

a3f7f40d1d...46.exe

windows7-x64

10

a3f7f40d1d...46.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3f7f40d1d6f9c32be828b0a6f94a1aa2bb517d73a498cfb79a39360d4baee46.exe

  • Size

    90KB

  • Sample

    241120-fkvlvswmgn

  • MD5

    26e819b6ccc746915cb4f2e20aef11c8

  • SHA1

    dd2ae16e175a8f8c39e4c0a48d20d1597094d98a

  • SHA256

    a3f7f40d1d6f9c32be828b0a6f94a1aa2bb517d73a498cfb79a39360d4baee46

  • SHA512

    625e98d8c166c6f63c4bd35223f4d4918edb3b88ef0eb42240e4d3bc6cfaa4bf27d0f61d865da1647101cb0af429c97a884c7d947c202b2d781295bf3e6b66a5

  • SSDEEP

    1536:WjYWxdvvvLmDgVfNP1aspN6OrtLnwwyWecMQJz0XvfOOQ/4BrGTI5Yx5:mvjmDO1npByW3JInU/4kT0Yx5

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a3f7f40d1d6f9c32be828b0a6f94a1aa2bb517d73a498cfb79a39360d4baee46.exe

    • Size

      90KB

    • MD5

      26e819b6ccc746915cb4f2e20aef11c8

    • SHA1

      dd2ae16e175a8f8c39e4c0a48d20d1597094d98a

    • SHA256

      a3f7f40d1d6f9c32be828b0a6f94a1aa2bb517d73a498cfb79a39360d4baee46

    • SHA512

      625e98d8c166c6f63c4bd35223f4d4918edb3b88ef0eb42240e4d3bc6cfaa4bf27d0f61d865da1647101cb0af429c97a884c7d947c202b2d781295bf3e6b66a5

    • SSDEEP

      1536:WjYWxdvvvLmDgVfNP1aspN6OrtLnwwyWecMQJz0XvfOOQ/4BrGTI5Yx5:mvjmDO1npByW3JInU/4kT0Yx5

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks