Overview

overview

10

Static

static

3

ca0a8fa456...23.exe

windows7-x64

10

ca0a8fa456...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca0a8fa4567966854b0abbb1badea3bf9a440f2ba3755b7279ea397fcdbca623

  • Size

    96KB

  • Sample

    241123-d5p6rsxmft

  • MD5

    811ae52091c7567188193ad1f9db857a

  • SHA1

    389a108a00e6716c5fb35089eaf4b4ecea62ce5a

  • SHA256

    ca0a8fa4567966854b0abbb1badea3bf9a440f2ba3755b7279ea397fcdbca623

  • SHA512

    9a5db3ccfca0ed3f1318e512b079704ef230f6329c7433bc540d0e41c8e4583fd2f4cffa955fcf941bd10c357934285717a9c800d0cfa6d1c47182fa83a6629a

  • SSDEEP

    1536:EC60vNCvWlAEZKoBLLvso8cmlMfhNl/ymoTPoP6duV9jojTIvjrH:560vNC5EbnmlMJ36oP6d69jc0vf

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ca0a8fa4567966854b0abbb1badea3bf9a440f2ba3755b7279ea397fcdbca623

    • Size

      96KB

    • MD5

      811ae52091c7567188193ad1f9db857a

    • SHA1

      389a108a00e6716c5fb35089eaf4b4ecea62ce5a

    • SHA256

      ca0a8fa4567966854b0abbb1badea3bf9a440f2ba3755b7279ea397fcdbca623

    • SHA512

      9a5db3ccfca0ed3f1318e512b079704ef230f6329c7433bc540d0e41c8e4583fd2f4cffa955fcf941bd10c357934285717a9c800d0cfa6d1c47182fa83a6629a

    • SSDEEP

      1536:EC60vNCvWlAEZKoBLLvso8cmlMfhNl/ymoTPoP6duV9jojTIvjrH:560vNC5EbnmlMJ36oP6d69jc0vf

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks