Overview

overview

10

Static

static

3

b4c67e05cd...dd.exe

windows7-x64

10

b4c67e05cd...dd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b4c67e05cdb056a5cbff3b9607c169073c1cf65ec898af05fe78a2feb73c2bdd

  • Size

    384KB

  • Sample

    241123-c51f3awmgz

  • MD5

    c6eac39d03f52b3fce1ab8145e923658

  • SHA1

    90b6c3c66f0f587586bcf112a1f10e2413a91585

  • SHA256

    b4c67e05cdb056a5cbff3b9607c169073c1cf65ec898af05fe78a2feb73c2bdd

  • SHA512

    07fe6c589316d7a804ef1446dc3755d41145efdd259073fc9be086b1efe5586b1053d684ad49055ff496e044e5a69c41ca82819780274406bd5ed7be3637d946

  • SSDEEP

    6144:UA7RE3D8l7+1bRtPcCrhCRkR/+MG7+1bRtPcCrhxPSHlV2Yj6egLCCGP7Y:3VEEYNrekcPYNrq6+gmCAU

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b4c67e05cdb056a5cbff3b9607c169073c1cf65ec898af05fe78a2feb73c2bdd

    • Size

      384KB

    • MD5

      c6eac39d03f52b3fce1ab8145e923658

    • SHA1

      90b6c3c66f0f587586bcf112a1f10e2413a91585

    • SHA256

      b4c67e05cdb056a5cbff3b9607c169073c1cf65ec898af05fe78a2feb73c2bdd

    • SHA512

      07fe6c589316d7a804ef1446dc3755d41145efdd259073fc9be086b1efe5586b1053d684ad49055ff496e044e5a69c41ca82819780274406bd5ed7be3637d946

    • SSDEEP

      6144:UA7RE3D8l7+1bRtPcCrhCRkR/+MG7+1bRtPcCrhxPSHlV2Yj6egLCCGP7Y:3VEEYNrekcPYNrq6+gmCAU

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks