Overview

overview

10

Static

static

3

000343ee38...5c.exe

windows7-x64

10

000343ee38...5c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    000343ee381f8b1e719054ef0d8facdafb01ca1a3a66e5ed04dedde7ec07435c

  • Size

    96KB

  • Sample

    241208-xpr5zaskgs

  • MD5

    fb082dadb67619a034e3f396eba8dc02

  • SHA1

    4a4953dbbe15ce64043a3f804dea3cb31d60c36c

  • SHA256

    000343ee381f8b1e719054ef0d8facdafb01ca1a3a66e5ed04dedde7ec07435c

  • SHA512

    989d4879d514423520fe005a3ede736538e3a0d99c326f2699a67f2d50dc11a871132544d34b7e9527dba2a2330aecc1e0adf6e2aa53bae47e638d8fd5584557

  • SSDEEP

    1536:WAs5aXzB5RhRLatGoKyQ7vobxn9qs0KAcLcpNXpcdbic5xiOM6bOLXi8PmCofGy:HjvR7LKQrWqqYB2ic5cDrLXfzoey

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      000343ee381f8b1e719054ef0d8facdafb01ca1a3a66e5ed04dedde7ec07435c

    • Size

      96KB

    • MD5

      fb082dadb67619a034e3f396eba8dc02

    • SHA1

      4a4953dbbe15ce64043a3f804dea3cb31d60c36c

    • SHA256

      000343ee381f8b1e719054ef0d8facdafb01ca1a3a66e5ed04dedde7ec07435c

    • SHA512

      989d4879d514423520fe005a3ede736538e3a0d99c326f2699a67f2d50dc11a871132544d34b7e9527dba2a2330aecc1e0adf6e2aa53bae47e638d8fd5584557

    • SSDEEP

      1536:WAs5aXzB5RhRLatGoKyQ7vobxn9qs0KAcLcpNXpcdbic5xiOM6bOLXi8PmCofGy:HjvR7LKQrWqqYB2ic5cDrLXfzoey

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks