Overview

overview

10

Static

static

3

ca3856b64f...99.exe

windows7-x64

10

ca3856b64f...99.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca3856b64f602750e2418eed854cfd3eb3b58b2fefc3165f84f955523ed2fd99

  • Size

    442KB

  • Sample

    241208-dl778syre1

  • MD5

    79f75e33fddc6cb0aa33dacf79c58d12

  • SHA1

    ac76d614fecbd05ec48bf87b26af51dc5d848584

  • SHA256

    ca3856b64f602750e2418eed854cfd3eb3b58b2fefc3165f84f955523ed2fd99

  • SHA512

    924bea5f1110e83b70822c26e0f167b934980754a341b6c66fe6c833bfd259e09bd7c7f9d3b31211c50099682ece609d10efa4223b673a13a3dbed39949c87c7

  • SSDEEP

    3072:nSlxkNI9uqf+BBGVCV5akqrifbdB7dYk1Bx8DpsV68RfPi4meqByN2DmtXGTtiOx:nImBeMakym/89bifPidzIEZ/VZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ca3856b64f602750e2418eed854cfd3eb3b58b2fefc3165f84f955523ed2fd99

    • Size

      442KB

    • MD5

      79f75e33fddc6cb0aa33dacf79c58d12

    • SHA1

      ac76d614fecbd05ec48bf87b26af51dc5d848584

    • SHA256

      ca3856b64f602750e2418eed854cfd3eb3b58b2fefc3165f84f955523ed2fd99

    • SHA512

      924bea5f1110e83b70822c26e0f167b934980754a341b6c66fe6c833bfd259e09bd7c7f9d3b31211c50099682ece609d10efa4223b673a13a3dbed39949c87c7

    • SSDEEP

      3072:nSlxkNI9uqf+BBGVCV5akqrifbdB7dYk1Bx8DpsV68RfPi4meqByN2DmtXGTtiOx:nImBeMakym/89bifPidzIEZ/VZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks