Overview

overview

10

Static

static

3

9ca357bd3d...9N.exe

windows7-x64

10

9ca357bd3d...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ca357bd3d61bb48ebe2712004b83c5c7cbbf223dd7840e1e062b944b44d9ab9N.exe

  • Size

    92KB

  • Sample

    241123-26sv2s1pfx

  • MD5

    f56414850b8490d67a59f6ba5405bbb0

  • SHA1

    aceccd06428fc6893c214317416c5768cb27a5a0

  • SHA256

    9ca357bd3d61bb48ebe2712004b83c5c7cbbf223dd7840e1e062b944b44d9ab9

  • SHA512

    395c8dfcf00404622e3d35bbea4e502673a3b0cbac72c1a87286f30ce33ff2cad3c52903c26bcebb481dfa5a88fc845f7eede893a7c1127d8d70e7a475ec0fbf

  • SSDEEP

    1536:/IXA/oxc75rCGk9xSN/bN2TtNraKRweabUUumGN3imnunGP+C:1Sc75raK/bQpaZdVGVbe4+C

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9ca357bd3d61bb48ebe2712004b83c5c7cbbf223dd7840e1e062b944b44d9ab9N.exe

    • Size

      92KB

    • MD5

      f56414850b8490d67a59f6ba5405bbb0

    • SHA1

      aceccd06428fc6893c214317416c5768cb27a5a0

    • SHA256

      9ca357bd3d61bb48ebe2712004b83c5c7cbbf223dd7840e1e062b944b44d9ab9

    • SHA512

      395c8dfcf00404622e3d35bbea4e502673a3b0cbac72c1a87286f30ce33ff2cad3c52903c26bcebb481dfa5a88fc845f7eede893a7c1127d8d70e7a475ec0fbf

    • SSDEEP

      1536:/IXA/oxc75rCGk9xSN/bN2TtNraKRweabUUumGN3imnunGP+C:1Sc75raK/bQpaZdVGVbe4+C

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks