Overview

overview

10

Static

static

3

e8d96162ee...ca.exe

windows7-x64

10

e8d96162ee...ca.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e8d96162ee17afb04d3be6d01f7ced0d10cf349837b9ea8738ef3291fd7b6fca

  • Size

    192KB

  • Sample

    241130-frqlgsykhq

  • MD5

    ab51993ad73e0ef98f5089b02812c544

  • SHA1

    a9085d382a87d15f7a98f11b293f5b0993f378df

  • SHA256

    e8d96162ee17afb04d3be6d01f7ced0d10cf349837b9ea8738ef3291fd7b6fca

  • SHA512

    08c7a91a53b1c8c5b0807578d19590e9f9bfedb4bc716f4a9cc44dfdadfa27acb97de6df3c24346324367ed841381ee90f5f7337280248c288d97aae960917b5

  • SSDEEP

    3072:sUQ2fSQTtQY332uusEueFKPD375lHzpa1P2FU6UK7q4+5DbGTO6GQd3JSZO5f7M2:swfndm2EueYr75lHzpaF2e6UK+42GTQK

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e8d96162ee17afb04d3be6d01f7ced0d10cf349837b9ea8738ef3291fd7b6fca

    • Size

      192KB

    • MD5

      ab51993ad73e0ef98f5089b02812c544

    • SHA1

      a9085d382a87d15f7a98f11b293f5b0993f378df

    • SHA256

      e8d96162ee17afb04d3be6d01f7ced0d10cf349837b9ea8738ef3291fd7b6fca

    • SHA512

      08c7a91a53b1c8c5b0807578d19590e9f9bfedb4bc716f4a9cc44dfdadfa27acb97de6df3c24346324367ed841381ee90f5f7337280248c288d97aae960917b5

    • SSDEEP

      3072:sUQ2fSQTtQY332uusEueFKPD375lHzpa1P2FU6UK7q4+5DbGTO6GQd3JSZO5f7M2:swfndm2EueYr75lHzpaF2e6UK+42GTQK

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks