Overview

overview

10

Static

static

10

45ac44a904...c9.exe

windows7-x64

10

45ac44a904...c9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45ac44a904794ba0dcbdffa63e8aa4748ff3a806b01c05df3af62184419d9bc9

  • Size

    145KB

  • Sample

    241123-1smw7svlen

  • MD5

    5f1d96a55d7b3dd7c91784f9a57e1ed9

  • SHA1

    7c6da5dfdff8acfdb0658899815c925a79249880

  • SHA256

    45ac44a904794ba0dcbdffa63e8aa4748ff3a806b01c05df3af62184419d9bc9

  • SHA512

    85188a83cc3d3fcb1f79bfcd120d8a32abefb824063623431d7eb7c816695c2845cf8cec37e4a4011d44d35443c761daf4b3ed49a6490b7a13c0019ed1a25aed

  • SSDEEP

    1536:kkGcDbC9B1zavEXhZbIoaBMsOIhiyfls5EyYV+jyeo080euee7yFOHDzCuRHyPAR:LGIbI1zaehM5iyt5H08jszby8WVXixB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      45ac44a904794ba0dcbdffa63e8aa4748ff3a806b01c05df3af62184419d9bc9

    • Size

      145KB

    • MD5

      5f1d96a55d7b3dd7c91784f9a57e1ed9

    • SHA1

      7c6da5dfdff8acfdb0658899815c925a79249880

    • SHA256

      45ac44a904794ba0dcbdffa63e8aa4748ff3a806b01c05df3af62184419d9bc9

    • SHA512

      85188a83cc3d3fcb1f79bfcd120d8a32abefb824063623431d7eb7c816695c2845cf8cec37e4a4011d44d35443c761daf4b3ed49a6490b7a13c0019ed1a25aed

    • SSDEEP

      1536:kkGcDbC9B1zavEXhZbIoaBMsOIhiyfls5EyYV+jyeo080euee7yFOHDzCuRHyPAR:LGIbI1zaehM5iyt5H08jszby8WVXixB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks