Overview

overview

10

Static

static

3

574f311b7d...aN.exe

windows7-x64

10

574f311b7d...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    574f311b7ddbe89ef3365f301cd03c6deedc2a67448258c01a4ebd8fa9c8801aN.exe

  • Size

    74KB

  • Sample

    241208-awk9nssmf1

  • MD5

    6a379fd30d4f93c3b837ccd26fcce370

  • SHA1

    3e4025f627e04547487961c13cea6881021f43d9

  • SHA256

    574f311b7ddbe89ef3365f301cd03c6deedc2a67448258c01a4ebd8fa9c8801a

  • SHA512

    295941bd7316f4a8ae4943a6d3f6f9dbe06845906d059e72912b26a97707247d2d32b0a2dc83ddbe8a8949489883033a5da124fa8eb5e6ed22c43aec66c0203d

  • SSDEEP

    1536:NGtAhm1+Zds17i/4RBb5i+3nROnu/YCk93Cye3unujS4y5:EtAQ1+Zdsdiw5i+3nROnht93Cye3unJ9

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      574f311b7ddbe89ef3365f301cd03c6deedc2a67448258c01a4ebd8fa9c8801aN.exe

    • Size

      74KB

    • MD5

      6a379fd30d4f93c3b837ccd26fcce370

    • SHA1

      3e4025f627e04547487961c13cea6881021f43d9

    • SHA256

      574f311b7ddbe89ef3365f301cd03c6deedc2a67448258c01a4ebd8fa9c8801a

    • SHA512

      295941bd7316f4a8ae4943a6d3f6f9dbe06845906d059e72912b26a97707247d2d32b0a2dc83ddbe8a8949489883033a5da124fa8eb5e6ed22c43aec66c0203d

    • SSDEEP

      1536:NGtAhm1+Zds17i/4RBb5i+3nROnu/YCk93Cye3unujS4y5:EtAQ1+Zdsdiw5i+3nROnht93Cye3unJ9

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks