Overview

overview

10

Static

static

3

22ad009a0e...8N.exe

windows7-x64

10

22ad009a0e...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22ad009a0e7bd1921665d39b72bb5927a66deeea00cec8ab86da9661f273d0a8N.exe

  • Size

    159KB

  • Sample

    241208-bp6gpsvjcv

  • MD5

    2c3611b5988870c2e4587f41580bd280

  • SHA1

    90494b672c005c5865ce21da7f49a9a45fa19b6e

  • SHA256

    22ad009a0e7bd1921665d39b72bb5927a66deeea00cec8ab86da9661f273d0a8

  • SHA512

    a212dc0f2404a8e1e5cc8d710d5ff01529329a916f774dcc718c2311fe68d2fe6cd71743f6ed0a7f1e7a787e078a502001ee5b1a39cad794210c0551c21a6a7a

  • SSDEEP

    3072:O6zRMTfPU+T6c69qMim/mLbwf1nFzwSAJB8FgBY5nd/M9dA:O6zuHec6Tiz41n6xJmPM9dA

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      22ad009a0e7bd1921665d39b72bb5927a66deeea00cec8ab86da9661f273d0a8N.exe

    • Size

      159KB

    • MD5

      2c3611b5988870c2e4587f41580bd280

    • SHA1

      90494b672c005c5865ce21da7f49a9a45fa19b6e

    • SHA256

      22ad009a0e7bd1921665d39b72bb5927a66deeea00cec8ab86da9661f273d0a8

    • SHA512

      a212dc0f2404a8e1e5cc8d710d5ff01529329a916f774dcc718c2311fe68d2fe6cd71743f6ed0a7f1e7a787e078a502001ee5b1a39cad794210c0551c21a6a7a

    • SSDEEP

      3072:O6zRMTfPU+T6c69qMim/mLbwf1nFzwSAJB8FgBY5nd/M9dA:O6zuHec6Tiz41n6xJmPM9dA

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks