Overview

overview

10

Static

static

3

66fd744e2a...aN.exe

windows7-x64

10

66fd744e2a...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66fd744e2a6b3dd87fa9484a92f3505a2ebacedf09d51363c4d8cce55326cdeaN.exe

  • Size

    72KB

  • Sample

    241207-11214awng1

  • MD5

    5f4d3f353f0ddb124de19123ba40f750

  • SHA1

    053dbe32c54d4de80d0580e985804bf2c42bb6b9

  • SHA256

    66fd744e2a6b3dd87fa9484a92f3505a2ebacedf09d51363c4d8cce55326cdea

  • SHA512

    ae0211ff618b4e2bde0dcd44313d732f4490e0bfe7066f62f362a8ec6d5cbb3c1db70d329e40e02020031d897ebee2db3390ea06bd82f326cbd7e1a6b04fa436

  • SSDEEP

    768:WQ/Vb2qizgUhetAMzg32ngVeMrUHGRqqJ1rbxRuSiLICVZ2bs5oeVgBX7+v1efFs:WI2rQZgVlrEoqqJxAZY6K+v137g0cqz

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      66fd744e2a6b3dd87fa9484a92f3505a2ebacedf09d51363c4d8cce55326cdeaN.exe

    • Size

      72KB

    • MD5

      5f4d3f353f0ddb124de19123ba40f750

    • SHA1

      053dbe32c54d4de80d0580e985804bf2c42bb6b9

    • SHA256

      66fd744e2a6b3dd87fa9484a92f3505a2ebacedf09d51363c4d8cce55326cdea

    • SHA512

      ae0211ff618b4e2bde0dcd44313d732f4490e0bfe7066f62f362a8ec6d5cbb3c1db70d329e40e02020031d897ebee2db3390ea06bd82f326cbd7e1a6b04fa436

    • SSDEEP

      768:WQ/Vb2qizgUhetAMzg32ngVeMrUHGRqqJ1rbxRuSiLICVZ2bs5oeVgBX7+v1efFs:WI2rQZgVlrEoqqJxAZY6K+v137g0cqz

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks