Overview

overview

10

Static

static

10

6610a2d76e...eN.exe

windows7-x64

10

6610a2d76e...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6610a2d76e53179ee335c1b487c34ab02e808555e8b880186c57bfb76ec5ab9eN.exe

  • Size

    128KB

  • Sample

    241208-am895ssjgs

  • MD5

    f83ac992b2af16f09f4009299b03dae0

  • SHA1

    d352d551bef612adb0aa38bba51dcee2bc9d52fa

  • SHA256

    6610a2d76e53179ee335c1b487c34ab02e808555e8b880186c57bfb76ec5ab9e

  • SHA512

    270bc4e027bc5acfb8e75054dd9edb245e4d513e5a0c0df58f38ac2450027aa9a43355e8863471bd2bf4cf9f6e967abb7b50b710dbcc28ea9f08fbac1b4acbc5

  • SSDEEP

    3072:APPCe7+FPgLwJIS0KBlhE3Go1c70JFNzGYJpD9r8XxrYnQ0:UsPgLwJIS0KBlhE3GoDJFVGyZ6Yl

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6610a2d76e53179ee335c1b487c34ab02e808555e8b880186c57bfb76ec5ab9eN.exe

    • Size

      128KB

    • MD5

      f83ac992b2af16f09f4009299b03dae0

    • SHA1

      d352d551bef612adb0aa38bba51dcee2bc9d52fa

    • SHA256

      6610a2d76e53179ee335c1b487c34ab02e808555e8b880186c57bfb76ec5ab9e

    • SHA512

      270bc4e027bc5acfb8e75054dd9edb245e4d513e5a0c0df58f38ac2450027aa9a43355e8863471bd2bf4cf9f6e967abb7b50b710dbcc28ea9f08fbac1b4acbc5

    • SSDEEP

      3072:APPCe7+FPgLwJIS0KBlhE3Go1c70JFNzGYJpD9r8XxrYnQ0:UsPgLwJIS0KBlhE3GoDJFVGyZ6Yl

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks