Overview

overview

10

Static

static

3

163327ef2d...cN.exe

windows7-x64

10

163327ef2d...cN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    163327ef2d45b6f85516cac7adf22e715554521980d0a6046290cdf11e7cb3ccN.exe

  • Size

    74KB

  • Sample

    241207-zblgdaslbs

  • MD5

    b7b6bb7bf583e629682e03b006a51930

  • SHA1

    c23902fd3f63ed65747ae6e0fdb2061f1c726cfd

  • SHA256

    163327ef2d45b6f85516cac7adf22e715554521980d0a6046290cdf11e7cb3cc

  • SHA512

    2665cee042adc05b50242bc54c3592f4b7286fc38dbacf72e414e28a974a5676d7871e4288cf25a508d7ee5e3db265e173c31acb712eb825d3330388d005eb71

  • SSDEEP

    1536:N/01EOSgOH4YUJCP2q212xYbRhM/1x9G3WngI36cAKgDep:2EO/GZWg2N12xYbRh0fiiZp

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      163327ef2d45b6f85516cac7adf22e715554521980d0a6046290cdf11e7cb3ccN.exe

    • Size

      74KB

    • MD5

      b7b6bb7bf583e629682e03b006a51930

    • SHA1

      c23902fd3f63ed65747ae6e0fdb2061f1c726cfd

    • SHA256

      163327ef2d45b6f85516cac7adf22e715554521980d0a6046290cdf11e7cb3cc

    • SHA512

      2665cee042adc05b50242bc54c3592f4b7286fc38dbacf72e414e28a974a5676d7871e4288cf25a508d7ee5e3db265e173c31acb712eb825d3330388d005eb71

    • SSDEEP

      1536:N/01EOSgOH4YUJCP2q212xYbRhM/1x9G3WngI36cAKgDep:2EO/GZWg2N12xYbRh0fiiZp

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks