Overview

overview

10

Static

static

10

9f50b46607...9N.exe

windows7-x64

10

9f50b46607...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9f50b4660789d93cd3bff0a6b2c385581007dbf345c737ce7ebf854f8422cc69N.exe

  • Size

    359KB

  • Sample

    241208-el4eqa1qhx

  • MD5

    98efad5793b15d1bddf1db9f875088e0

  • SHA1

    fad4f71ba85e400789ca559488e5455c6b657079

  • SHA256

    9f50b4660789d93cd3bff0a6b2c385581007dbf345c737ce7ebf854f8422cc69

  • SHA512

    6b8d244414e4ca35d8963e3c806af9b7edf406e2971b700e98ebd593a8711a1c22ba732935c497c5e13d65d9d69886e8aa2551c3103fdbc9a645cf90b34fe632

  • SSDEEP

    6144:Yv0JamKL6YVrOigcC6oQ6+EcC6oQ6+YahBQyiTACPTRN6+YahBQyiTAgiuMRlxZE:HRKrK9E6n9E6vah6yiMCPTRN6vah6yiL

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9f50b4660789d93cd3bff0a6b2c385581007dbf345c737ce7ebf854f8422cc69N.exe

    • Size

      359KB

    • MD5

      98efad5793b15d1bddf1db9f875088e0

    • SHA1

      fad4f71ba85e400789ca559488e5455c6b657079

    • SHA256

      9f50b4660789d93cd3bff0a6b2c385581007dbf345c737ce7ebf854f8422cc69

    • SHA512

      6b8d244414e4ca35d8963e3c806af9b7edf406e2971b700e98ebd593a8711a1c22ba732935c497c5e13d65d9d69886e8aa2551c3103fdbc9a645cf90b34fe632

    • SSDEEP

      6144:Yv0JamKL6YVrOigcC6oQ6+EcC6oQ6+YahBQyiTACPTRN6+YahBQyiTAgiuMRlxZE:HRKrK9E6n9E6vah6yiMCPTRN6vah6yiL

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks