Overview

overview

10

Static

static

3

53c10400c9...15.exe

windows7-x64

10

53c10400c9...15.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53c10400c9a396b2a35a7567828a12a4dd84113767224fe1954880087eff4f15

  • Size

    442KB

  • Sample

    241208-2p5hhszpgp

  • MD5

    950dc22d1aaaae5af3756a188660336e

  • SHA1

    ab13a772dac7fa702018852286c3337fd81977d6

  • SHA256

    53c10400c9a396b2a35a7567828a12a4dd84113767224fe1954880087eff4f15

  • SHA512

    807c2474b613eb6b1a9ad8be0ddaf3efe33feee6f44408bbfa5b896327b5b3981f958913e8230de7b85980c4b905add58a5f54eaae0d1c18f0895a7befefa48e

  • SSDEEP

    6144:Kv/RJPGNzkHevMK4Ckym/89bifPidzIEZ/VZ:Kv/RJON4KYfv6UE9

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      53c10400c9a396b2a35a7567828a12a4dd84113767224fe1954880087eff4f15

    • Size

      442KB

    • MD5

      950dc22d1aaaae5af3756a188660336e

    • SHA1

      ab13a772dac7fa702018852286c3337fd81977d6

    • SHA256

      53c10400c9a396b2a35a7567828a12a4dd84113767224fe1954880087eff4f15

    • SHA512

      807c2474b613eb6b1a9ad8be0ddaf3efe33feee6f44408bbfa5b896327b5b3981f958913e8230de7b85980c4b905add58a5f54eaae0d1c18f0895a7befefa48e

    • SSDEEP

      6144:Kv/RJPGNzkHevMK4Ckym/89bifPidzIEZ/VZ:Kv/RJON4KYfv6UE9

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks