Overview

overview

10

Static

static

3

3b90f38abc...dN.exe

windows7-x64

10

3b90f38abc...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b90f38abc19757fb4f4a126b7e897302180f9be44234154b5e3134e4baf5cbdN.exe

  • Size

    92KB

  • Sample

    241207-2g6qlsxnbs

  • MD5

    e2c94558a29a008c8262a970d85f9470

  • SHA1

    e450479d1ef4e375de519b718a8ff1b32820e3c2

  • SHA256

    3b90f38abc19757fb4f4a126b7e897302180f9be44234154b5e3134e4baf5cbd

  • SHA512

    b7828dc19ef4672a555b2f8f5a0364d3a61838a53c14ac252eb1dbe6855f7266260ac307df114f003fa69bc66045c1f196ab48bc65442fe6add55cdbbc30033f

  • SSDEEP

    1536:Al3flim6pdhY16+0L8Afq6VEfFLQ+b95O7urzLeyfESWXeTvKIaN3imnunGP+2:cdgbhY1d0QJgEfFLQ+bzO7urzLeyboGI

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3b90f38abc19757fb4f4a126b7e897302180f9be44234154b5e3134e4baf5cbdN.exe

    • Size

      92KB

    • MD5

      e2c94558a29a008c8262a970d85f9470

    • SHA1

      e450479d1ef4e375de519b718a8ff1b32820e3c2

    • SHA256

      3b90f38abc19757fb4f4a126b7e897302180f9be44234154b5e3134e4baf5cbd

    • SHA512

      b7828dc19ef4672a555b2f8f5a0364d3a61838a53c14ac252eb1dbe6855f7266260ac307df114f003fa69bc66045c1f196ab48bc65442fe6add55cdbbc30033f

    • SSDEEP

      1536:Al3flim6pdhY16+0L8Afq6VEfFLQ+b95O7urzLeyfESWXeTvKIaN3imnunGP+2:cdgbhY1d0QJgEfFLQ+bzO7urzLeyboGI

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks