Overview

overview

10

Static

static

3

6b173c6321...7N.exe

windows7-x64

10

6b173c6321...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b173c6321e8f6130f1e271824881a5579c59005b813a8c4e3e4482538e86237N.exe

  • Size

    74KB

  • Sample

    241208-axs1xaxrem

  • MD5

    4ba4388ae3638b397d4f12370e76c590

  • SHA1

    22b5c364a181e1fb6e53a2e47ce5dca277de2e8a

  • SHA256

    6b173c6321e8f6130f1e271824881a5579c59005b813a8c4e3e4482538e86237

  • SHA512

    c5502431dd5a1ed5ed848132fa2e2baaf955a4a130fe58139e427d83a5f8b51f0bbb4de8702b5990274beb2fcd463dd71350c1537e087308034f697e3906c11d

  • SSDEEP

    768:8IKvpylzElRk6WqkzDOYgYJvKWoeOKb1Onf3WCvH9J08dkgJxdH96ADTp3JDSPlI:8IKUzyZk+XeOLfmCvH9JJfbBp3Yg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6b173c6321e8f6130f1e271824881a5579c59005b813a8c4e3e4482538e86237N.exe

    • Size

      74KB

    • MD5

      4ba4388ae3638b397d4f12370e76c590

    • SHA1

      22b5c364a181e1fb6e53a2e47ce5dca277de2e8a

    • SHA256

      6b173c6321e8f6130f1e271824881a5579c59005b813a8c4e3e4482538e86237

    • SHA512

      c5502431dd5a1ed5ed848132fa2e2baaf955a4a130fe58139e427d83a5f8b51f0bbb4de8702b5990274beb2fcd463dd71350c1537e087308034f697e3906c11d

    • SSDEEP

      768:8IKvpylzElRk6WqkzDOYgYJvKWoeOKb1Onf3WCvH9J08dkgJxdH96ADTp3JDSPlI:8IKUzyZk+XeOLfmCvH9JJfbBp3Yg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks