Overview

overview

10

Static

static

3

c7e043cc55...1e.exe

windows7-x64

10

c7e043cc55...1e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c7e043cc553047d34e59c36c92a89de59608955bedddf7b939d7bbf350a0561e

  • Size

    90KB

  • Sample

    241123-d2216axlgw

  • MD5

    65943b2245183ae50f14df81a164530f

  • SHA1

    cbcaa17a69d5efe470a3d9528c6e2551a62cc297

  • SHA256

    c7e043cc553047d34e59c36c92a89de59608955bedddf7b939d7bbf350a0561e

  • SHA512

    f5641348b5ad11988716571e7097ba766979637f38635866e94b77c4a9aac1c28ae712cdf60da6e120d2d12a89d1018f1796ddd7f7eb23ab0b7643108fdd4f2a

  • SSDEEP

    1536:JaG/ZwZwQGoixQBZuU7zaWfLX4Hz9iDV1LwVzcvmf13dz6yXJtuectP+OkCigjIf:Jt/ZwZwQGABZbffLIHz9UwVzlf13dz6K

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c7e043cc553047d34e59c36c92a89de59608955bedddf7b939d7bbf350a0561e

    • Size

      90KB

    • MD5

      65943b2245183ae50f14df81a164530f

    • SHA1

      cbcaa17a69d5efe470a3d9528c6e2551a62cc297

    • SHA256

      c7e043cc553047d34e59c36c92a89de59608955bedddf7b939d7bbf350a0561e

    • SHA512

      f5641348b5ad11988716571e7097ba766979637f38635866e94b77c4a9aac1c28ae712cdf60da6e120d2d12a89d1018f1796ddd7f7eb23ab0b7643108fdd4f2a

    • SSDEEP

      1536:JaG/ZwZwQGoixQBZuU7zaWfLX4Hz9iDV1LwVzcvmf13dz6yXJtuectP+OkCigjIf:Jt/ZwZwQGABZbffLIHz9UwVzlf13dz6K

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks