Overview

overview

10

Static

static

3

5aab2d402c...92.exe

windows7-x64

10

5aab2d402c...92.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5aab2d402c41bb7822123f605f33111e8eddee3f31ad86fa400c6d73bece4292

  • Size

    161KB

  • Sample

    241123-2sl6caxkbq

  • MD5

    f0a22e81ca1d9f110f9ad42bb2d9f9b8

  • SHA1

    e57a795a11d3303aeaedbe4dbe26096ae545e390

  • SHA256

    5aab2d402c41bb7822123f605f33111e8eddee3f31ad86fa400c6d73bece4292

  • SHA512

    20f8e5a67fc5bbd8914e9a058095214dffe0ed678763eb2a7ff878a9d581b4d35d09c77f275957ded69372241bffea4800326773a23a0769a7f76b6cdbe67390

  • SSDEEP

    3072:FFPh1ouwWFvaCRx9LFoLhDskAVwtCJXeex7rrIRZK8K8/kv:LJ1TwWFy6RShDskAVwtmeetrIyR

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5aab2d402c41bb7822123f605f33111e8eddee3f31ad86fa400c6d73bece4292

    • Size

      161KB

    • MD5

      f0a22e81ca1d9f110f9ad42bb2d9f9b8

    • SHA1

      e57a795a11d3303aeaedbe4dbe26096ae545e390

    • SHA256

      5aab2d402c41bb7822123f605f33111e8eddee3f31ad86fa400c6d73bece4292

    • SHA512

      20f8e5a67fc5bbd8914e9a058095214dffe0ed678763eb2a7ff878a9d581b4d35d09c77f275957ded69372241bffea4800326773a23a0769a7f76b6cdbe67390

    • SSDEEP

      3072:FFPh1ouwWFvaCRx9LFoLhDskAVwtCJXeex7rrIRZK8K8/kv:LJ1TwWFy6RShDskAVwtmeetrIyR

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks