Overview

overview

10

Static

static

3

8eabd5aaf8...bN.exe

windows7-x64

10

8eabd5aaf8...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8eabd5aaf8b249a88b158ccd91930b405816c2b1885f567d697ca9b9a1291dbbN.exe

  • Size

    76KB

  • Sample

    241123-3t7n4ssrb1

  • MD5

    99b4a902bc1ccbb8e80e674326cb6530

  • SHA1

    0c4d6e9f9a67a71db71afd5df715813175eb47dc

  • SHA256

    8eabd5aaf8b249a88b158ccd91930b405816c2b1885f567d697ca9b9a1291dbb

  • SHA512

    d5b0bc68bce27b21410751ecce96ece7ecb72d4ced906df88faab920ea319bbc34f876a317a5d5bc5ae3be292eb14fbfa59751f92aeec4b1546addaf348b162d

  • SSDEEP

    768:AtoEJSeaqTyNpseC6ctraILHKRLeLzpUQiEpYBnwP3lXdO8IB7MCY1UEeHZK7zy9:AtVcZGB+Nwt4E3P1Xx9l1UE5Hfrs

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8eabd5aaf8b249a88b158ccd91930b405816c2b1885f567d697ca9b9a1291dbbN.exe

    • Size

      76KB

    • MD5

      99b4a902bc1ccbb8e80e674326cb6530

    • SHA1

      0c4d6e9f9a67a71db71afd5df715813175eb47dc

    • SHA256

      8eabd5aaf8b249a88b158ccd91930b405816c2b1885f567d697ca9b9a1291dbb

    • SHA512

      d5b0bc68bce27b21410751ecce96ece7ecb72d4ced906df88faab920ea319bbc34f876a317a5d5bc5ae3be292eb14fbfa59751f92aeec4b1546addaf348b162d

    • SSDEEP

      768:AtoEJSeaqTyNpseC6ctraILHKRLeLzpUQiEpYBnwP3lXdO8IB7MCY1UEeHZK7zy9:AtVcZGB+Nwt4E3P1Xx9l1UE5Hfrs

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks