Overview

overview

10

Static

static

3

137b337323...ba.exe

windows7-x64

10

137b337323...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    137b337323794e608487515f387cb22a247c2cc59d0f9a987e70bbb8899c2bba

  • Size

    88KB

  • Sample

    241207-yp2j3swlgj

  • MD5

    704c05c5d8399fc63fc02a7bb79e1608

  • SHA1

    52fc777d50db228c446aae3e5624d208a58df2da

  • SHA256

    137b337323794e608487515f387cb22a247c2cc59d0f9a987e70bbb8899c2bba

  • SHA512

    f8af9072dbe79960f1defa8646d02ece843db5bbba3f772df514d41443854bf5110ae5047bbb7237ad55aa899af3f31fe7d05d5fcb0da0ac95b5b21f809c744c

  • SSDEEP

    1536:UyxRxuv+Cw3kpx0VsdmCGfOqJmROLC+EIdnouy8B:U7v+CfMeH+EIloutB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      137b337323794e608487515f387cb22a247c2cc59d0f9a987e70bbb8899c2bba

    • Size

      88KB

    • MD5

      704c05c5d8399fc63fc02a7bb79e1608

    • SHA1

      52fc777d50db228c446aae3e5624d208a58df2da

    • SHA256

      137b337323794e608487515f387cb22a247c2cc59d0f9a987e70bbb8899c2bba

    • SHA512

      f8af9072dbe79960f1defa8646d02ece843db5bbba3f772df514d41443854bf5110ae5047bbb7237ad55aa899af3f31fe7d05d5fcb0da0ac95b5b21f809c744c

    • SSDEEP

      1536:UyxRxuv+Cw3kpx0VsdmCGfOqJmROLC+EIdnouy8B:U7v+CfMeH+EIloutB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks