Overview

overview

10

Static

static

3

4166c18e94...dc.exe

windows7-x64

10

4166c18e94...dc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4166c18e94399d6ddb7022655c3460dd3ecb79bfc04b346ada1f0dbc3a833adc

  • Size

    88KB

  • Sample

    241123-1lay3atrgq

  • MD5

    273258e53966dab43aa1ff3b8e5dce47

  • SHA1

    111d29948d574e3d1dc8b31c88f8b81654c59c66

  • SHA256

    4166c18e94399d6ddb7022655c3460dd3ecb79bfc04b346ada1f0dbc3a833adc

  • SHA512

    183ee654ddb8760e811f0c870fc57fcf55e2543ce791a850b2daaf78c5b9881bb2d38070e5d7be1add818f380401e06c82f5598917a09a6f3fb742d087302d37

  • SSDEEP

    1536:BXDZisktxKm/q76GF/GrAVcqRQVrXychuAa7n49sMu0gNUYsa6D7Ygnouy8L:VAFwt/GdGSrXyP74Aglam73outL

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4166c18e94399d6ddb7022655c3460dd3ecb79bfc04b346ada1f0dbc3a833adc

    • Size

      88KB

    • MD5

      273258e53966dab43aa1ff3b8e5dce47

    • SHA1

      111d29948d574e3d1dc8b31c88f8b81654c59c66

    • SHA256

      4166c18e94399d6ddb7022655c3460dd3ecb79bfc04b346ada1f0dbc3a833adc

    • SHA512

      183ee654ddb8760e811f0c870fc57fcf55e2543ce791a850b2daaf78c5b9881bb2d38070e5d7be1add818f380401e06c82f5598917a09a6f3fb742d087302d37

    • SSDEEP

      1536:BXDZisktxKm/q76GF/GrAVcqRQVrXychuAa7n49sMu0gNUYsa6D7Ygnouy8L:VAFwt/GdGSrXyP74Aglam73outL

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks