Overview

overview

10

Static

static

3

224eedbc32...cN.exe

windows7-x64

10

224eedbc32...cN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    224eedbc32eff7e424c9c280551ad859b9b9d3eca4699f756e40e3d137277ddcN.exe

  • Size

    74KB

  • Sample

    241208-atbbpaxpfr

  • MD5

    9d7fefbb825267daa1e8e6edae569c00

  • SHA1

    fa75d6b36d673d525fd44d35fb4cc2beaf3b28a1

  • SHA256

    224eedbc32eff7e424c9c280551ad859b9b9d3eca4699f756e40e3d137277ddc

  • SHA512

    8f19805bfc194a49b6d34a3776f204b8fd1617c87651c51bcd7cf065bec9e5b1dbf747fa3b2083a8f655eb827fac39690a77916ef83b153c81baf1f91d956df8

  • SSDEEP

    1536:N5RHu8VvPUwqOY97WsBZVL5o82hj+CHQERQ3IRJC4eF:DRhawqt97WsTJ5o82fHQfIRQZF

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      224eedbc32eff7e424c9c280551ad859b9b9d3eca4699f756e40e3d137277ddcN.exe

    • Size

      74KB

    • MD5

      9d7fefbb825267daa1e8e6edae569c00

    • SHA1

      fa75d6b36d673d525fd44d35fb4cc2beaf3b28a1

    • SHA256

      224eedbc32eff7e424c9c280551ad859b9b9d3eca4699f756e40e3d137277ddc

    • SHA512

      8f19805bfc194a49b6d34a3776f204b8fd1617c87651c51bcd7cf065bec9e5b1dbf747fa3b2083a8f655eb827fac39690a77916ef83b153c81baf1f91d956df8

    • SSDEEP

      1536:N5RHu8VvPUwqOY97WsBZVL5o82hj+CHQERQ3IRJC4eF:DRhawqt97WsTJ5o82fHQfIRQZF

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks