Overview

overview

10

Static

static

3

c13850e9a8...91.exe

windows7-x64

10

c13850e9a8...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c13850e9a84773e3fbb04311b05682711ba009533b8ac34627da19ddae9b5091

  • Size

    88KB

  • Sample

    241208-c84b5atmdl

  • MD5

    d2312f6ef1c9dd3fb561c8c19a56739e

  • SHA1

    036b441ff13b1917c4f64b128a09f4859f464ce6

  • SHA256

    c13850e9a84773e3fbb04311b05682711ba009533b8ac34627da19ddae9b5091

  • SHA512

    fcac8365726665f5b61feb87ea37e718eaff641d1a72978c896cff27411a65fe18f82accdb45e5455daba799d3c2f961c8cd7ca60bbbd64d5486e8ca033af7ae

  • SSDEEP

    1536:Aj0r2InL5uE2K1tpNZKyOJaA+MwNvjRG/RSwg7G8fn6+4XaknLnouy8B:AQX9uDKLMyOJaA+rcxgvfn6+YasToutB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c13850e9a84773e3fbb04311b05682711ba009533b8ac34627da19ddae9b5091

    • Size

      88KB

    • MD5

      d2312f6ef1c9dd3fb561c8c19a56739e

    • SHA1

      036b441ff13b1917c4f64b128a09f4859f464ce6

    • SHA256

      c13850e9a84773e3fbb04311b05682711ba009533b8ac34627da19ddae9b5091

    • SHA512

      fcac8365726665f5b61feb87ea37e718eaff641d1a72978c896cff27411a65fe18f82accdb45e5455daba799d3c2f961c8cd7ca60bbbd64d5486e8ca033af7ae

    • SSDEEP

      1536:Aj0r2InL5uE2K1tpNZKyOJaA+MwNvjRG/RSwg7G8fn6+4XaknLnouy8B:AQX9uDKLMyOJaA+rcxgvfn6+YasToutB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks