Overview

overview

10

Static

static

10

4283c07d0c...4N.exe

windows7-x64

10

4283c07d0c...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4283c07d0c19c32d8b2ca3c4c9364786c46b46f03d048f16cf242f07ed56b724N.exe

  • Size

    128KB

  • Sample

    241208-bds28syqfl

  • MD5

    cdcd7b9d646f657d837028929c066000

  • SHA1

    2bbb4834c36e386401d9093cb2e3a9a0f89fbba8

  • SHA256

    4283c07d0c19c32d8b2ca3c4c9364786c46b46f03d048f16cf242f07ed56b724

  • SHA512

    df87c097aeb7cfb21672a69e206cd59d7b882e13a6d2dd0af3f043501601f65a43f5aacc5df78bba8c34f64d540c1b6009c0dac46455e0fdd2532dba31e15e5a

  • SSDEEP

    1536:/EVwQJIikCH7NDviS0aSN2Wx8eL7Zow98yjY+qLdbwZG9o1nFzz3yjCQRawEDAJZ:MV/RHpKX2veP1jadbwf1nFzwSAJB8e

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4283c07d0c19c32d8b2ca3c4c9364786c46b46f03d048f16cf242f07ed56b724N.exe

    • Size

      128KB

    • MD5

      cdcd7b9d646f657d837028929c066000

    • SHA1

      2bbb4834c36e386401d9093cb2e3a9a0f89fbba8

    • SHA256

      4283c07d0c19c32d8b2ca3c4c9364786c46b46f03d048f16cf242f07ed56b724

    • SHA512

      df87c097aeb7cfb21672a69e206cd59d7b882e13a6d2dd0af3f043501601f65a43f5aacc5df78bba8c34f64d540c1b6009c0dac46455e0fdd2532dba31e15e5a

    • SSDEEP

      1536:/EVwQJIikCH7NDviS0aSN2Wx8eL7Zow98yjY+qLdbwZG9o1nFzz3yjCQRawEDAJZ:MV/RHpKX2veP1jadbwf1nFzwSAJB8e

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks