Overview

overview

10

Static

static

3

dd364c06cf...74.exe

windows7-x64

10

dd364c06cf...74.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd364c06cf1fe775562765be282678f4e05493b27d28e6a060e2323a14a67874

  • Size

    72KB

  • Sample

    241123-e1s8asvjdq

  • MD5

    9297f898d6e673f67cd55e1c37e7dff3

  • SHA1

    cdcce5fe808d1f981b7f259977e4dd283a2c3e85

  • SHA256

    dd364c06cf1fe775562765be282678f4e05493b27d28e6a060e2323a14a67874

  • SHA512

    9f4f643a4822fd3754d3a94e4cd4a02fa3c08945b1f9e384db114df1b5436b56b44cc5624cd5aaf2328341681aac7ae0ec20ade2c8eabad784ae7a5e9b81fb56

  • SSDEEP

    1536:vmVqaF8kllU8QFF0pPrjVNAP4xQJLZm+PVp0vKxxYvhhOa/A:OAa6klhqGbbIlm+PwhD/A

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      dd364c06cf1fe775562765be282678f4e05493b27d28e6a060e2323a14a67874

    • Size

      72KB

    • MD5

      9297f898d6e673f67cd55e1c37e7dff3

    • SHA1

      cdcce5fe808d1f981b7f259977e4dd283a2c3e85

    • SHA256

      dd364c06cf1fe775562765be282678f4e05493b27d28e6a060e2323a14a67874

    • SHA512

      9f4f643a4822fd3754d3a94e4cd4a02fa3c08945b1f9e384db114df1b5436b56b44cc5624cd5aaf2328341681aac7ae0ec20ade2c8eabad784ae7a5e9b81fb56

    • SSDEEP

      1536:vmVqaF8kllU8QFF0pPrjVNAP4xQJLZm+PVp0vKxxYvhhOa/A:OAa6klhqGbbIlm+PwhD/A

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks