Overview

overview

10

Static

static

3

0cf9a34bbd...99.exe

windows7-x64

10

0cf9a34bbd...99.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0cf9a34bbdbd8e12640f4b7c1eeb78a380826452a6872642381ca09bb8923699.exe

  • Size

    88KB

  • Sample

    241123-1n1x9svkaj

  • MD5

    63047d5a9daf2d59f7cbe3e2a688f43c

  • SHA1

    e3ecc37598964ca3846165f8fe93046ae90ec44a

  • SHA256

    0cf9a34bbdbd8e12640f4b7c1eeb78a380826452a6872642381ca09bb8923699

  • SHA512

    41a0d6769bce833b9d82272514550ac22921b608a66793e47fba42310dddba086f052cc6b54b6284a22d46a1e3d1fd89ead50a43f64ff855f0aaa2bbd038fa7e

  • SSDEEP

    1536:WVCLS/ZMoIU+zz3nNK9cb5n86GpnjCyzzBJeNulBnouy8D:W4LaMoj+P3n38FpGDahoutD

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0cf9a34bbdbd8e12640f4b7c1eeb78a380826452a6872642381ca09bb8923699.exe

    • Size

      88KB

    • MD5

      63047d5a9daf2d59f7cbe3e2a688f43c

    • SHA1

      e3ecc37598964ca3846165f8fe93046ae90ec44a

    • SHA256

      0cf9a34bbdbd8e12640f4b7c1eeb78a380826452a6872642381ca09bb8923699

    • SHA512

      41a0d6769bce833b9d82272514550ac22921b608a66793e47fba42310dddba086f052cc6b54b6284a22d46a1e3d1fd89ead50a43f64ff855f0aaa2bbd038fa7e

    • SSDEEP

      1536:WVCLS/ZMoIU+zz3nNK9cb5n86GpnjCyzzBJeNulBnouy8D:W4LaMoj+P3n38FpGDahoutD

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks