Overview

overview

10

Static

static

3

43c3977955...ec.exe

windows7-x64

10

43c3977955...ec.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43c39779553501f59c3b46efa9c27631ca066d74d3fe088e4ef580bc5efdb1ec

  • Size

    72KB

  • Sample

    241123-1pxx1aykaw

  • MD5

    89a8487c3de56870c97a97b561a6cc21

  • SHA1

    78829a46d5ddfebd09ed3013d661ce34c0ac6fcb

  • SHA256

    43c39779553501f59c3b46efa9c27631ca066d74d3fe088e4ef580bc5efdb1ec

  • SHA512

    34ecf5c3ddf3f77342bf5f230cbdb36c2f5e91c2c2e77b66805e9206dd20989d3f68030126a3394c464a12dcf6e20fde8b3ce6f43385d4998e411cf02ea68610

  • SSDEEP

    1536:3PK/V7LLRL3dnUBPd896JS4RS/MyLcrFXkKoJCU3U3WL:/e7LLRlUBPy0S48UnrFeJj3hL

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      43c39779553501f59c3b46efa9c27631ca066d74d3fe088e4ef580bc5efdb1ec

    • Size

      72KB

    • MD5

      89a8487c3de56870c97a97b561a6cc21

    • SHA1

      78829a46d5ddfebd09ed3013d661ce34c0ac6fcb

    • SHA256

      43c39779553501f59c3b46efa9c27631ca066d74d3fe088e4ef580bc5efdb1ec

    • SHA512

      34ecf5c3ddf3f77342bf5f230cbdb36c2f5e91c2c2e77b66805e9206dd20989d3f68030126a3394c464a12dcf6e20fde8b3ce6f43385d4998e411cf02ea68610

    • SSDEEP

      1536:3PK/V7LLRL3dnUBPd896JS4RS/MyLcrFXkKoJCU3U3WL:/e7LLRlUBPy0S48UnrFeJj3hL

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks