Overview

overview

10

Static

static

3

7f90094fac...f2.exe

windows7-x64

10

7f90094fac...f2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7f90094fac8f135db50509ad912783024460ed1b25083207b70fdc1e04ae23f2.exe

  • Size

    280KB

  • Sample

    241123-dlw5zawrfy

  • MD5

    bf2dd030141f468ebb479f31b39ee837

  • SHA1

    739e253bbcf564fa702479a4c9660755fad33382

  • SHA256

    7f90094fac8f135db50509ad912783024460ed1b25083207b70fdc1e04ae23f2

  • SHA512

    ff28876157f448bbc17cdf42e6a5efa4c7eff2cc0d96118963ba82d520e909bbff15cc51712dcc18bde4dc58a168ef6942eeb16cc68dd4a5e54bd029ccc9196a

  • SSDEEP

    6144:R35KfJHWDmB4SuEi/GOORjMmRUoooooooooooooooooooooooooy/Gt:Sf1WDmB44i//OVLCoooooooooooooooB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7f90094fac8f135db50509ad912783024460ed1b25083207b70fdc1e04ae23f2.exe

    • Size

      280KB

    • MD5

      bf2dd030141f468ebb479f31b39ee837

    • SHA1

      739e253bbcf564fa702479a4c9660755fad33382

    • SHA256

      7f90094fac8f135db50509ad912783024460ed1b25083207b70fdc1e04ae23f2

    • SHA512

      ff28876157f448bbc17cdf42e6a5efa4c7eff2cc0d96118963ba82d520e909bbff15cc51712dcc18bde4dc58a168ef6942eeb16cc68dd4a5e54bd029ccc9196a

    • SSDEEP

      6144:R35KfJHWDmB4SuEi/GOORjMmRUoooooooooooooooooooooooooy/Gt:Sf1WDmB44i//OVLCoooooooooooooooB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks