Overview

overview

10

Static

static

3

c446920821...9N.exe

windows7-x64

10

c446920821...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c446920821050513895d59c7667dd7e29f62ee84e78a54abe7d538fdd39e9319N.exe

  • Size

    74KB

  • Sample

    241207-ywh2ba1mev

  • MD5

    675ea363d07668134b96e9002aa7edd0

  • SHA1

    896bb48d06277a1fcc2e18b849931f103c81ac34

  • SHA256

    c446920821050513895d59c7667dd7e29f62ee84e78a54abe7d538fdd39e9319

  • SHA512

    83bf1e7db0113b157ad69accf3c425683731098ba03f7b3507da3d72c65461ad2f73cdce79aeb01d4f8d9da70cc2537048310ae6eaa2756a9f237c25e442e262

  • SSDEEP

    1536:3oEkplwreSIhN1EBKY3IO4xc74Ben33TKvFppfLp:YWaNBEBKY3Ih0lTkvpDp

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c446920821050513895d59c7667dd7e29f62ee84e78a54abe7d538fdd39e9319N.exe

    • Size

      74KB

    • MD5

      675ea363d07668134b96e9002aa7edd0

    • SHA1

      896bb48d06277a1fcc2e18b849931f103c81ac34

    • SHA256

      c446920821050513895d59c7667dd7e29f62ee84e78a54abe7d538fdd39e9319

    • SHA512

      83bf1e7db0113b157ad69accf3c425683731098ba03f7b3507da3d72c65461ad2f73cdce79aeb01d4f8d9da70cc2537048310ae6eaa2756a9f237c25e442e262

    • SSDEEP

      1536:3oEkplwreSIhN1EBKY3IO4xc74Ben33TKvFppfLp:YWaNBEBKY3Ih0lTkvpDp

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks