Overview

overview

10

Static

static

3

b0c9d76fbb...dN.exe

windows7-x64

10

b0c9d76fbb...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0c9d76fbbf03fc5d7fad1289d6fbbac95b4f88baddd49ea44eb03dd2f61f98dN.exe

  • Size

    74KB

  • Sample

    241208-b9awja1mek

  • MD5

    f75f1d82063b7a77c9fb8827b8cc5c30

  • SHA1

    448686c7dadf53f233385a8b9f2dea39004af15f

  • SHA256

    b0c9d76fbbf03fc5d7fad1289d6fbbac95b4f88baddd49ea44eb03dd2f61f98d

  • SHA512

    ce29db3fdf13a313e757e40cdda9921b303b1863d61e10e0cd49a1c3e46c49b3bb2952d4d867ec0d86d37a004133cda0393a15dc4c6531bf8e93fbb02c293a4e

  • SSDEEP

    1536:uGJCB6WmaRiCqKbCyGInA14F/OjLXn9yyC6PqnYryVuuuuBBtnV2o:bCoWjnqQzyqKXPC6wYryVuuuuBBtwo

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b0c9d76fbbf03fc5d7fad1289d6fbbac95b4f88baddd49ea44eb03dd2f61f98dN.exe

    • Size

      74KB

    • MD5

      f75f1d82063b7a77c9fb8827b8cc5c30

    • SHA1

      448686c7dadf53f233385a8b9f2dea39004af15f

    • SHA256

      b0c9d76fbbf03fc5d7fad1289d6fbbac95b4f88baddd49ea44eb03dd2f61f98d

    • SHA512

      ce29db3fdf13a313e757e40cdda9921b303b1863d61e10e0cd49a1c3e46c49b3bb2952d4d867ec0d86d37a004133cda0393a15dc4c6531bf8e93fbb02c293a4e

    • SSDEEP

      1536:uGJCB6WmaRiCqKbCyGInA14F/OjLXn9yyC6PqnYryVuuuuBBtnV2o:bCoWjnqQzyqKXPC6wYryVuuuuBBtwo

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks