Overview

overview

10

Static

static

3

257182b803...8b.exe

windows7-x64

10

257182b803...8b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    257182b80388dd4b77a8bd412d5073073c20b184202f1f86668fce5b3bb1538b

  • Size

    100KB

  • Sample

    241123-za94cavmey

  • MD5

    93df30440d6bc312ac336b32a0042b78

  • SHA1

    fc59c2a5408f6327a32d8ac3f6a09ed4ebd77c8f

  • SHA256

    257182b80388dd4b77a8bd412d5073073c20b184202f1f86668fce5b3bb1538b

  • SHA512

    83dba8935ffb7122322a650e5a0aaf5728dc69c8c40e2b9ee27f7181f2b120e1845578549a7b5abc47e2ec694340fa9e8d88c71bdd9e067b276d2a829ebe5002

  • SSDEEP

    3072:q4qopcwfQFNUL/hK6p8N3IIAaIgb3a3+X13XRzT:q+QFW/XCxnF7aOl3BzT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      257182b80388dd4b77a8bd412d5073073c20b184202f1f86668fce5b3bb1538b

    • Size

      100KB

    • MD5

      93df30440d6bc312ac336b32a0042b78

    • SHA1

      fc59c2a5408f6327a32d8ac3f6a09ed4ebd77c8f

    • SHA256

      257182b80388dd4b77a8bd412d5073073c20b184202f1f86668fce5b3bb1538b

    • SHA512

      83dba8935ffb7122322a650e5a0aaf5728dc69c8c40e2b9ee27f7181f2b120e1845578549a7b5abc47e2ec694340fa9e8d88c71bdd9e067b276d2a829ebe5002

    • SSDEEP

      3072:q4qopcwfQFNUL/hK6p8N3IIAaIgb3a3+X13XRzT:q+QFW/XCxnF7aOl3BzT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks