Overview

overview

10

Static

static

3

95cc4ddd63...56.exe

windows7-x64

10

95cc4ddd63...56.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95cc4ddd63a757d9739fc11a8f8ff797b3828098d2cc72c517e92de888e10156.exe

  • Size

    74KB

  • Sample

    241123-p1rdta1nfp

  • MD5

    33c80d13ad12239cd656586e63d4328c

  • SHA1

    100f8bfa98cfa4e43fffa343cc15ad5ea07d9544

  • SHA256

    95cc4ddd63a757d9739fc11a8f8ff797b3828098d2cc72c517e92de888e10156

  • SHA512

    5e376d7788464484f171e9957289c5df91d005699dca2526c34c0b604bb8c7b4c1619aa32523f9aa952af00a30f724a8441ac2aa0670fb4b0f286cb38b04dbe1

  • SSDEEP

    1536:N8HDn8hgA6O/yhnjc7or/2oUsTc4AhmpJlBylZWMMi/4PlqXSg:NUJnGoj2orc4AhScZWMyPYCg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      95cc4ddd63a757d9739fc11a8f8ff797b3828098d2cc72c517e92de888e10156.exe

    • Size

      74KB

    • MD5

      33c80d13ad12239cd656586e63d4328c

    • SHA1

      100f8bfa98cfa4e43fffa343cc15ad5ea07d9544

    • SHA256

      95cc4ddd63a757d9739fc11a8f8ff797b3828098d2cc72c517e92de888e10156

    • SHA512

      5e376d7788464484f171e9957289c5df91d005699dca2526c34c0b604bb8c7b4c1619aa32523f9aa952af00a30f724a8441ac2aa0670fb4b0f286cb38b04dbe1

    • SSDEEP

      1536:N8HDn8hgA6O/yhnjc7or/2oUsTc4AhmpJlBylZWMMi/4PlqXSg:NUJnGoj2orc4AhScZWMyPYCg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks