Overview

overview

10

Static

static

3

f8de1d02cc...7e.exe

windows7-x64

10

f8de1d02cc...7e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8de1d02ccb8367ba1741204e0f399ec9ad7e62ec7fbf5462cc9dd1ad0b0937e

  • Size

    576KB

  • Sample

    241121-p74mqaslhv

  • MD5

    bf7031a1141610796f9db2c470471a46

  • SHA1

    2cd2042572d62bd12af29cdf8db2ed40f8d1216c

  • SHA256

    f8de1d02ccb8367ba1741204e0f399ec9ad7e62ec7fbf5462cc9dd1ad0b0937e

  • SHA512

    cc0fc11b68e59b8079b7b9e3b459fc3a729f1c1fcdadfaed22fff5d5cf87beda58715a416e98c850c555719c0172100b8f60f666582f7e70a64d304720dd6bac

  • SSDEEP

    12288:k1IgGyXu1jGG1ws5iETdqvZNemWrsiLk6mqgSgRD+:lgGyXsGG1ws5ipXq

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f8de1d02ccb8367ba1741204e0f399ec9ad7e62ec7fbf5462cc9dd1ad0b0937e

    • Size

      576KB

    • MD5

      bf7031a1141610796f9db2c470471a46

    • SHA1

      2cd2042572d62bd12af29cdf8db2ed40f8d1216c

    • SHA256

      f8de1d02ccb8367ba1741204e0f399ec9ad7e62ec7fbf5462cc9dd1ad0b0937e

    • SHA512

      cc0fc11b68e59b8079b7b9e3b459fc3a729f1c1fcdadfaed22fff5d5cf87beda58715a416e98c850c555719c0172100b8f60f666582f7e70a64d304720dd6bac

    • SSDEEP

      12288:k1IgGyXu1jGG1ws5iETdqvZNemWrsiLk6mqgSgRD+:lgGyXsGG1ws5ipXq

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks