Overview

overview

10

Static

static

3

701e780e0d...a8.exe

windows7-x64

10

701e780e0d...a8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    701e780e0dea5a1ac55c9ecc8e3732f4fc327f93b86e0c907cea04063381c7a8

  • Size

    89KB

  • Sample

    241207-3rn4zszrg1

  • MD5

    de1a32a05b41817b60e2bf0d6fd1e774

  • SHA1

    66298420760788097d056fb80a78464d69c20fe3

  • SHA256

    701e780e0dea5a1ac55c9ecc8e3732f4fc327f93b86e0c907cea04063381c7a8

  • SHA512

    3ea36113465d1611ec736a506e9a573920cb28cb2a121073f6c76a63b13ea42c8bc07a90f0742f4a4c4a755f120febd385eadbf3462fc7bbf88e280dbf7701f8

  • SSDEEP

    1536:n+HmME0dzbnt+dBaxR5Qx8E3KLI7l0sLp/1sXU/IVrl/NcyMlExkg8Fk:PMTzbt+HaB3ssXfFcnlakgwk

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      701e780e0dea5a1ac55c9ecc8e3732f4fc327f93b86e0c907cea04063381c7a8

    • Size

      89KB

    • MD5

      de1a32a05b41817b60e2bf0d6fd1e774

    • SHA1

      66298420760788097d056fb80a78464d69c20fe3

    • SHA256

      701e780e0dea5a1ac55c9ecc8e3732f4fc327f93b86e0c907cea04063381c7a8

    • SHA512

      3ea36113465d1611ec736a506e9a573920cb28cb2a121073f6c76a63b13ea42c8bc07a90f0742f4a4c4a755f120febd385eadbf3462fc7bbf88e280dbf7701f8

    • SSDEEP

      1536:n+HmME0dzbnt+dBaxR5Qx8E3KLI7l0sLp/1sXU/IVrl/NcyMlExkg8Fk:PMTzbt+HaB3ssXfFcnlakgwk

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks