Overview

overview

10

Static

static

3

a75ee1d94b...3N.exe

windows7-x64

10

a75ee1d94b...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a75ee1d94b42f21047e9b874854360e116f4bb6111bf3197d7f93fd2b9ab5943N.exe

  • Size

    74KB

  • Sample

    241208-byr1nszrdn

  • MD5

    8881a743fdaabe27e512265acb668d90

  • SHA1

    662bd4cc235a56575dc90b2b2a5e49bf57ebda43

  • SHA256

    a75ee1d94b42f21047e9b874854360e116f4bb6111bf3197d7f93fd2b9ab5943

  • SHA512

    3cfb9b9472b17b6f4c1f5e404aa8cdb0011af8ac8f2efaede5bb983261c49aa82f3f388a9820fea8641db832ac37e3223161e4a9d1ef47ed428c2f9545c03c17

  • SSDEEP

    1536:fNoH/EwDEnUgSps2+Umq3iST4dNJZrwqxLjlWhZk:FIDFps20ITWNJRxLam

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a75ee1d94b42f21047e9b874854360e116f4bb6111bf3197d7f93fd2b9ab5943N.exe

    • Size

      74KB

    • MD5

      8881a743fdaabe27e512265acb668d90

    • SHA1

      662bd4cc235a56575dc90b2b2a5e49bf57ebda43

    • SHA256

      a75ee1d94b42f21047e9b874854360e116f4bb6111bf3197d7f93fd2b9ab5943

    • SHA512

      3cfb9b9472b17b6f4c1f5e404aa8cdb0011af8ac8f2efaede5bb983261c49aa82f3f388a9820fea8641db832ac37e3223161e4a9d1ef47ed428c2f9545c03c17

    • SSDEEP

      1536:fNoH/EwDEnUgSps2+Umq3iST4dNJZrwqxLjlWhZk:FIDFps20ITWNJRxLam

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks