Overview

overview

10

Static

static

3

5d8978e505...6a.exe

windows7-x64

10

5d8978e505...6a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5d8978e5051384bd49d00e10e013f198c686c5a2244aea34a4575aa33911846a

  • Size

    576KB

  • Sample

    241123-2wlnzs1kes

  • MD5

    99cdf696245bab16a7d60b299cb13407

  • SHA1

    3a45622afcc6ee70884b98d86d237a3966e43c59

  • SHA256

    5d8978e5051384bd49d00e10e013f198c686c5a2244aea34a4575aa33911846a

  • SHA512

    7550e90b7b12f3d583b0ffcc60a3dc63e581ebff3070666f6dca87b0a345c8353f270a0bd8a444326a2968236c7cf346ee9a0de9393a3d3f242e3cb071aee04d

  • SSDEEP

    12288:bHUTzsGyXu1jGG1ws5iETdqvZNemWrsiLk6mqgSgRDO:bHYzsGyXsGG1ws5ipX6

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5d8978e5051384bd49d00e10e013f198c686c5a2244aea34a4575aa33911846a

    • Size

      576KB

    • MD5

      99cdf696245bab16a7d60b299cb13407

    • SHA1

      3a45622afcc6ee70884b98d86d237a3966e43c59

    • SHA256

      5d8978e5051384bd49d00e10e013f198c686c5a2244aea34a4575aa33911846a

    • SHA512

      7550e90b7b12f3d583b0ffcc60a3dc63e581ebff3070666f6dca87b0a345c8353f270a0bd8a444326a2968236c7cf346ee9a0de9393a3d3f242e3cb071aee04d

    • SSDEEP

      12288:bHUTzsGyXu1jGG1ws5iETdqvZNemWrsiLk6mqgSgRDO:bHYzsGyXsGG1ws5ipX6

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks