Overview

overview

10

Static

static

3

18765f056f...94.exe

windows7-x64

10

18765f056f...94.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18765f056f0ff2f2753f88d417a99920a1755674a5900ec0fd261dd04b874494

  • Size

    92KB

  • Sample

    241123-yry7qsznem

  • MD5

    b6d738f3142c1cd97f34b61389fa29cc

  • SHA1

    fa2036670f3211ff042c55adafe9b41c1609bd55

  • SHA256

    18765f056f0ff2f2753f88d417a99920a1755674a5900ec0fd261dd04b874494

  • SHA512

    904e21f4c7bc4f3f501af0be028eb1230b84e1b43f22ce3b91317540093db938fc3a5abc3661354eb611bdc2ac8de0777d335f68e08c05c96ad73f0ea5e6d32f

  • SSDEEP

    1536:JeH99pJJFSUV3Sp8p6ah/pLVRtSZ/IKYm/FqItIdPN3imnunGP+W:JeH9pJDI8p6aBRtPKYaFXedPVbe4+W

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      18765f056f0ff2f2753f88d417a99920a1755674a5900ec0fd261dd04b874494

    • Size

      92KB

    • MD5

      b6d738f3142c1cd97f34b61389fa29cc

    • SHA1

      fa2036670f3211ff042c55adafe9b41c1609bd55

    • SHA256

      18765f056f0ff2f2753f88d417a99920a1755674a5900ec0fd261dd04b874494

    • SHA512

      904e21f4c7bc4f3f501af0be028eb1230b84e1b43f22ce3b91317540093db938fc3a5abc3661354eb611bdc2ac8de0777d335f68e08c05c96ad73f0ea5e6d32f

    • SSDEEP

      1536:JeH99pJJFSUV3Sp8p6ah/pLVRtSZ/IKYm/FqItIdPN3imnunGP+W:JeH9pJDI8p6aBRtPKYaFXedPVbe4+W

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks