Overview

overview

10

Static

static

3

e38807e379...ab.exe

windows7-x64

10

e38807e379...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e38807e3794730a599b38212ec2a441f3e1ce258beee3ef44235c1f4d694dbab

  • Size

    123KB

  • Sample

    241123-e9fcssvldl

  • MD5

    953670475cf7e3a412677b32e6164d9e

  • SHA1

    cbdcad01b02aeb66a88be5c364adf02d775630fd

  • SHA256

    e38807e3794730a599b38212ec2a441f3e1ce258beee3ef44235c1f4d694dbab

  • SHA512

    f0aeb7eb23dc246194b8b91d5c34de3f5c7d8d3a576a38d32c2f47ab170939f5d419b00bd23e9db915e12b65e2be86df476acabbb96a74d035555ef649043825

  • SSDEEP

    3072:NMOhWIgrsjcPNUev0LAHatbDCRYSa9rR85DEn5k7r8:qY4Uu0LA6tbDC4rQD85k/8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e38807e3794730a599b38212ec2a441f3e1ce258beee3ef44235c1f4d694dbab

    • Size

      123KB

    • MD5

      953670475cf7e3a412677b32e6164d9e

    • SHA1

      cbdcad01b02aeb66a88be5c364adf02d775630fd

    • SHA256

      e38807e3794730a599b38212ec2a441f3e1ce258beee3ef44235c1f4d694dbab

    • SHA512

      f0aeb7eb23dc246194b8b91d5c34de3f5c7d8d3a576a38d32c2f47ab170939f5d419b00bd23e9db915e12b65e2be86df476acabbb96a74d035555ef649043825

    • SSDEEP

      3072:NMOhWIgrsjcPNUev0LAHatbDCRYSa9rR85DEn5k7r8:qY4Uu0LA6tbDC4rQD85k/8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks