Overview

overview

10

Static

static

3

a3e2dc6e6f...3N.exe

windows7-x64

10

a3e2dc6e6f...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3e2dc6e6f78be4c473a3ff9e4a657d0c3ab1ba72c64463557aca8a9cd85f7e3N.exe

  • Size

    128KB

  • Sample

    241208-fa3jqatjft

  • MD5

    dd1ffd4b48cc6bc27965585f4ea3c6d0

  • SHA1

    3053429cac01ad6d7a3e657c3ea1882d749bcac5

  • SHA256

    a3e2dc6e6f78be4c473a3ff9e4a657d0c3ab1ba72c64463557aca8a9cd85f7e3

  • SHA512

    f907c6014b67aac8bc1d4aaea41b3d12b1457f37804a60f7f1e46d39419a4e12ae44bdacda867a8cbce9283b89c22ef367af9b8ab934a5f4ac1ce33927d81dfa

  • SSDEEP

    1536:qyf+zzhw1ug3dRS85pFCJH3Z/Et67+IUB5YnoPoPemL9W0OXGzurnYJpD9r8Xxr+:QQpYwTAZNOWzGYJpD9r8XxrYnQ0

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a3e2dc6e6f78be4c473a3ff9e4a657d0c3ab1ba72c64463557aca8a9cd85f7e3N.exe

    • Size

      128KB

    • MD5

      dd1ffd4b48cc6bc27965585f4ea3c6d0

    • SHA1

      3053429cac01ad6d7a3e657c3ea1882d749bcac5

    • SHA256

      a3e2dc6e6f78be4c473a3ff9e4a657d0c3ab1ba72c64463557aca8a9cd85f7e3

    • SHA512

      f907c6014b67aac8bc1d4aaea41b3d12b1457f37804a60f7f1e46d39419a4e12ae44bdacda867a8cbce9283b89c22ef367af9b8ab934a5f4ac1ce33927d81dfa

    • SSDEEP

      1536:qyf+zzhw1ug3dRS85pFCJH3Z/Et67+IUB5YnoPoPemL9W0OXGzurnYJpD9r8Xxr+:QQpYwTAZNOWzGYJpD9r8XxrYnQ0

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks