Overview

overview

10

Static

static

3

37473debc7...dN.exe

windows7-x64

10

37473debc7...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37473debc76aa4bcf7756fc84ac0cd3d7dedc32ab9e5e4729bf7399e8e0b143dN.exe

  • Size

    442KB

  • Sample

    241207-3w5brs1kgt

  • MD5

    b6e4d10a8f240a1c02753efb9fada750

  • SHA1

    7c05f992c9312529090a76ac5c41d38d0be4825f

  • SHA256

    37473debc76aa4bcf7756fc84ac0cd3d7dedc32ab9e5e4729bf7399e8e0b143d

  • SHA512

    660d46fa801982d4d4a132e95a54309e569a053364ed2e2a0ff637f0da2005fde39d6523a23c783bf3110c3f52ee15283041ce0ff2b2d63c8e5c725024856572

  • SSDEEP

    3072:aE2ukbpihVpNawG5lkqrifbdB7dYk1Bx8DpsV68RfPi4meqByN2DmtXGTtiOd/VZ:aEb9iBlkym/89bifPidzIEZ/VZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      37473debc76aa4bcf7756fc84ac0cd3d7dedc32ab9e5e4729bf7399e8e0b143dN.exe

    • Size

      442KB

    • MD5

      b6e4d10a8f240a1c02753efb9fada750

    • SHA1

      7c05f992c9312529090a76ac5c41d38d0be4825f

    • SHA256

      37473debc76aa4bcf7756fc84ac0cd3d7dedc32ab9e5e4729bf7399e8e0b143d

    • SHA512

      660d46fa801982d4d4a132e95a54309e569a053364ed2e2a0ff637f0da2005fde39d6523a23c783bf3110c3f52ee15283041ce0ff2b2d63c8e5c725024856572

    • SSDEEP

      3072:aE2ukbpihVpNawG5lkqrifbdB7dYk1Bx8DpsV68RfPi4meqByN2DmtXGTtiOd/VZ:aEb9iBlkym/89bifPidzIEZ/VZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks