Overview

overview

10

Static

static

3

15d745bc35...ca.exe

windows7-x64

10

15d745bc35...ca.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15d745bc3549e107e0b634a405e9865e7c5f19653b119aa4877f4855920f71ca

  • Size

    768KB

  • Sample

    241207-yteacawncq

  • MD5

    7e6c5681a51456ab034d1ec1014865ec

  • SHA1

    dd4866623dbcd836f4f7c1d1d6bea4a7c276e7bc

  • SHA256

    15d745bc3549e107e0b634a405e9865e7c5f19653b119aa4877f4855920f71ca

  • SHA512

    d233f9f616d0182d6ce2c7851603e805766921d1a74f180f6631d1d67f99f1528e5ccd18a4ea83763a09e8a90e3991f5878941dc40c567abc20ccd0a14507e68

  • SSDEEP

    12288:IIY/+zrWAI5KFum/+zrWAIAqWim/+zrWAI5KF4cr6VDsEqacjgqANXcol27Z5nNm:em0BmmvFimm0Xcr6VDsEqacjgqANXcoN

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      15d745bc3549e107e0b634a405e9865e7c5f19653b119aa4877f4855920f71ca

    • Size

      768KB

    • MD5

      7e6c5681a51456ab034d1ec1014865ec

    • SHA1

      dd4866623dbcd836f4f7c1d1d6bea4a7c276e7bc

    • SHA256

      15d745bc3549e107e0b634a405e9865e7c5f19653b119aa4877f4855920f71ca

    • SHA512

      d233f9f616d0182d6ce2c7851603e805766921d1a74f180f6631d1d67f99f1528e5ccd18a4ea83763a09e8a90e3991f5878941dc40c567abc20ccd0a14507e68

    • SSDEEP

      12288:IIY/+zrWAI5KFum/+zrWAIAqWim/+zrWAI5KF4cr6VDsEqacjgqANXcol27Z5nNm:em0BmmvFimm0Xcr6VDsEqacjgqANXcoN

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks