Overview

overview

10

Static

static

3

7899658cc1...fN.exe

windows7-x64

10

7899658cc1...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7899658cc1426f6ca41f1979617b76daa2fd87017b2b66c53ee27a100965e70fN.exe

  • Size

    192KB

  • Sample

    241208-b6kassvrcs

  • MD5

    55115d318645ac147ddb3fe1663b4790

  • SHA1

    d634bd27ef86d1d917d47b149412dee7d05f8c9a

  • SHA256

    7899658cc1426f6ca41f1979617b76daa2fd87017b2b66c53ee27a100965e70f

  • SHA512

    f0ebb170f8b47e540aa713465aeaa13d8103ec35b367ad0da425db495e20a090e8db4033484112edc2699d7e9fd2b8a3b0a948db3ccc9438716b57117eecf1b6

  • SSDEEP

    3072:OXQSCS17X+RGgU2LEPth3FQo7fnEBctcp/+wreVism:hSCS17uTcf3FF7fPtcsw6U1

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7899658cc1426f6ca41f1979617b76daa2fd87017b2b66c53ee27a100965e70fN.exe

    • Size

      192KB

    • MD5

      55115d318645ac147ddb3fe1663b4790

    • SHA1

      d634bd27ef86d1d917d47b149412dee7d05f8c9a

    • SHA256

      7899658cc1426f6ca41f1979617b76daa2fd87017b2b66c53ee27a100965e70f

    • SHA512

      f0ebb170f8b47e540aa713465aeaa13d8103ec35b367ad0da425db495e20a090e8db4033484112edc2699d7e9fd2b8a3b0a948db3ccc9438716b57117eecf1b6

    • SSDEEP

      3072:OXQSCS17X+RGgU2LEPth3FQo7fnEBctcp/+wreVism:hSCS17uTcf3FF7fPtcsw6U1

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks