Overview

overview

10

Static

static

3

29e7d38646...18.exe

windows7-x64

10

29e7d38646...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29e7d3864618e0624d953e0174f62de9f1d28f5b9b896e7ee3cefb124975ea18.exe

  • Size

    324KB

  • Sample

    241123-hvttesxjgq

  • MD5

    0a8d7fb42ca8a4b2e84524fbdf1b2a8c

  • SHA1

    e147d84efc364b994b6b351200f7841f8ab97cd6

  • SHA256

    29e7d3864618e0624d953e0174f62de9f1d28f5b9b896e7ee3cefb124975ea18

  • SHA512

    170b4b58b61897dd725818dae565350d6385d35e50de31a82885211981a206f53ae1c8f18f127ef49e3313d4de72ebf3e89f727aac0f7d94a4b1224d1b69a8fb

  • SSDEEP

    6144:EC+BPKTsEnzd5IF6rfBBcVPINRFYpfZvT6zAWq6JMf3us8wU:ElPAsSp5IFy5BcVPINRFYpfZvTmAWqeD

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      29e7d3864618e0624d953e0174f62de9f1d28f5b9b896e7ee3cefb124975ea18.exe

    • Size

      324KB

    • MD5

      0a8d7fb42ca8a4b2e84524fbdf1b2a8c

    • SHA1

      e147d84efc364b994b6b351200f7841f8ab97cd6

    • SHA256

      29e7d3864618e0624d953e0174f62de9f1d28f5b9b896e7ee3cefb124975ea18

    • SHA512

      170b4b58b61897dd725818dae565350d6385d35e50de31a82885211981a206f53ae1c8f18f127ef49e3313d4de72ebf3e89f727aac0f7d94a4b1224d1b69a8fb

    • SSDEEP

      6144:EC+BPKTsEnzd5IF6rfBBcVPINRFYpfZvT6zAWq6JMf3us8wU:ElPAsSp5IFy5BcVPINRFYpfZvTmAWqeD

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks