Overview

overview

10

Static

static

3

b38287ac3b...9b.exe

windows7-x64

10

b38287ac3b...9b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b38287ac3b76f51be30a49586ccaebb59b3f6e57e7acae4b7d38fd822de7949b

  • Size

    123KB

  • Sample

    241123-c3snfawmcs

  • MD5

    e02555e394a626a43359e1b0690888c8

  • SHA1

    1f0c01fd6520579087413d38706de84b7c969c29

  • SHA256

    b38287ac3b76f51be30a49586ccaebb59b3f6e57e7acae4b7d38fd822de7949b

  • SHA512

    c20a264e71b507388efcfe96bf78a43c98970458c9dfb9bd1886bd4c64a94320631bb9514f0a200013e3f78cc3224bf96b33f8679985039bf8442216b06b8275

  • SSDEEP

    3072:Uv9DLEZicCsi1jTIluTRYSa9rR85DEn5k7r8:UvFAZ9CsCJT4rQD85k/8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b38287ac3b76f51be30a49586ccaebb59b3f6e57e7acae4b7d38fd822de7949b

    • Size

      123KB

    • MD5

      e02555e394a626a43359e1b0690888c8

    • SHA1

      1f0c01fd6520579087413d38706de84b7c969c29

    • SHA256

      b38287ac3b76f51be30a49586ccaebb59b3f6e57e7acae4b7d38fd822de7949b

    • SHA512

      c20a264e71b507388efcfe96bf78a43c98970458c9dfb9bd1886bd4c64a94320631bb9514f0a200013e3f78cc3224bf96b33f8679985039bf8442216b06b8275

    • SSDEEP

      3072:Uv9DLEZicCsi1jTIluTRYSa9rR85DEn5k7r8:UvFAZ9CsCJT4rQD85k/8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks