Overview

overview

10

Static

static

3

4583fbe736...8N.exe

windows7-x64

10

4583fbe736...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4583fbe73623bb27456e6e984d6710756224d36e063347f6a6c16b81ef8e8d18N.exe

  • Size

    96KB

  • Sample

    241120-gg93taslb1

  • MD5

    bf4f39d615d2f8d968cfd447a2be4580

  • SHA1

    450f70c7fb48f50e283b80036b5214885e2586ab

  • SHA256

    4583fbe73623bb27456e6e984d6710756224d36e063347f6a6c16b81ef8e8d18

  • SHA512

    1f61544e72441092973d393ca64f79117852f25039cb220d7e3c2b8ca7037fc50416d972fb5840ee1b04288e8e0906cb1013625e585a613088f8338a53be5ad5

  • SSDEEP

    1536:fR+Xh5Mn9tpNX/y935T7u9p7nCUiY7XJulTPHnzLoduV9jojTIvjrH:QMn7/yFkOHYTSLkd69jc0vf

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4583fbe73623bb27456e6e984d6710756224d36e063347f6a6c16b81ef8e8d18N.exe

    • Size

      96KB

    • MD5

      bf4f39d615d2f8d968cfd447a2be4580

    • SHA1

      450f70c7fb48f50e283b80036b5214885e2586ab

    • SHA256

      4583fbe73623bb27456e6e984d6710756224d36e063347f6a6c16b81ef8e8d18

    • SHA512

      1f61544e72441092973d393ca64f79117852f25039cb220d7e3c2b8ca7037fc50416d972fb5840ee1b04288e8e0906cb1013625e585a613088f8338a53be5ad5

    • SSDEEP

      1536:fR+Xh5Mn9tpNX/y935T7u9p7nCUiY7XJulTPHnzLoduV9jojTIvjrH:QMn7/yFkOHYTSLkd69jc0vf

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks