Overview

overview

10

Static

static

3

447d641946...0N.exe

windows7-x64

10

447d641946...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    447d6419464658b32933f388110532246da488ce60e0b6bbeecf1c3b2798b700N.exe

  • Size

    120KB

  • Sample

    241207-16txnswrbx

  • MD5

    a1d8aad56e6b6e3ce4d5fd832c5e4d10

  • SHA1

    6fb286f9cea4ff41c48bebee4ccc84cbbed5944e

  • SHA256

    447d6419464658b32933f388110532246da488ce60e0b6bbeecf1c3b2798b700

  • SHA512

    586989ff2ba5729013170e23866703a98c4e2bb6a7b6866b014217bbce9e16a8c2c44b5c825f041b51320cd9f798ed9f6ed5cabe293c71720de197000621f343

  • SSDEEP

    1536:/bKg+8D9UG0w86TOoe9V8HtI2N+DdlMPyjD0Kr0revLIjz0cZ44mjD9r823F4:pSuqPAk3qy5Zi/mjRrz3C

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      447d6419464658b32933f388110532246da488ce60e0b6bbeecf1c3b2798b700N.exe

    • Size

      120KB

    • MD5

      a1d8aad56e6b6e3ce4d5fd832c5e4d10

    • SHA1

      6fb286f9cea4ff41c48bebee4ccc84cbbed5944e

    • SHA256

      447d6419464658b32933f388110532246da488ce60e0b6bbeecf1c3b2798b700

    • SHA512

      586989ff2ba5729013170e23866703a98c4e2bb6a7b6866b014217bbce9e16a8c2c44b5c825f041b51320cd9f798ed9f6ed5cabe293c71720de197000621f343

    • SSDEEP

      1536:/bKg+8D9UG0w86TOoe9V8HtI2N+DdlMPyjD0Kr0revLIjz0cZ44mjD9r823F4:pSuqPAk3qy5Zi/mjRrz3C

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks