Overview

overview

10

Static

static

10

62dd45928b...6N.exe

windows7-x64

10

62dd45928b...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    62dd45928b9666a8ce8e0b24340d3d2437debcbebcc079018a067c197fc21fb6N.exe

  • Size

    391KB

  • Sample

    241208-bf6fcayrhm

  • MD5

    b80e9b410165558ac4d87b125ff51560

  • SHA1

    b5037c5f8649b7947a00639a29861a7f14fa2913

  • SHA256

    62dd45928b9666a8ce8e0b24340d3d2437debcbebcc079018a067c197fc21fb6

  • SHA512

    48185f376056b61089657bdeff56f4fe1c2ac07bc0c9b4b0bc4f785929859ff394db7851c714fa39d59326bed60bbe85f3adfcb42c29fe3f80052ce044e51c30

  • SSDEEP

    6144:fKUFtNb7Ke+3FT3RraAfbAfNtTAfMAfFAfNPUmKyIxLfYeOO9UmKyIxL4:fKUdb7Ke+3FTBmNtuhUNP3cOK3L

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      62dd45928b9666a8ce8e0b24340d3d2437debcbebcc079018a067c197fc21fb6N.exe

    • Size

      391KB

    • MD5

      b80e9b410165558ac4d87b125ff51560

    • SHA1

      b5037c5f8649b7947a00639a29861a7f14fa2913

    • SHA256

      62dd45928b9666a8ce8e0b24340d3d2437debcbebcc079018a067c197fc21fb6

    • SHA512

      48185f376056b61089657bdeff56f4fe1c2ac07bc0c9b4b0bc4f785929859ff394db7851c714fa39d59326bed60bbe85f3adfcb42c29fe3f80052ce044e51c30

    • SSDEEP

      6144:fKUFtNb7Ke+3FT3RraAfbAfNtTAfMAfFAfNPUmKyIxLfYeOO9UmKyIxL4:fKUdb7Ke+3FTBmNtuhUNP3cOK3L

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks