Overview

overview

10

Static

static

3

3a0a1212fc...95.exe

windows7-x64

10

3a0a1212fc...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a0a1212fc224ac2bb46f0c3ae8b7e1c921c346632bb6b9f9d2bb1dca0497d95.exe

  • Size

    280KB

  • Sample

    241123-n9vbds1jhq

  • MD5

    4c52b1089633064a413c2ab6f6dd2a7d

  • SHA1

    79f27565242ddee211ea86083282161e9fd35fb8

  • SHA256

    3a0a1212fc224ac2bb46f0c3ae8b7e1c921c346632bb6b9f9d2bb1dca0497d95

  • SHA512

    e5c37eaec1075dce8d5f58904fcb2d2180259b67c9d7280b4c0e2a25186b9b28f158831f36fb18228dfa8ff54686dfbfcd5dbfb1dea769ce18c0b5464d716ab3

  • SSDEEP

    6144:DTRJJwaQXr+Di/GOORjMmRUoooooooooooooooooooooooooy/Gl:DTRvwaQXr6i//OVLCoooooooooooooog

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3a0a1212fc224ac2bb46f0c3ae8b7e1c921c346632bb6b9f9d2bb1dca0497d95.exe

    • Size

      280KB

    • MD5

      4c52b1089633064a413c2ab6f6dd2a7d

    • SHA1

      79f27565242ddee211ea86083282161e9fd35fb8

    • SHA256

      3a0a1212fc224ac2bb46f0c3ae8b7e1c921c346632bb6b9f9d2bb1dca0497d95

    • SHA512

      e5c37eaec1075dce8d5f58904fcb2d2180259b67c9d7280b4c0e2a25186b9b28f158831f36fb18228dfa8ff54686dfbfcd5dbfb1dea769ce18c0b5464d716ab3

    • SSDEEP

      6144:DTRJJwaQXr+Di/GOORjMmRUoooooooooooooooooooooooooy/Gl:DTRvwaQXr6i//OVLCoooooooooooooog

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks