Overview

overview

10

Static

static

10

0e724a2b36...07.exe

windows7-x64

10

0e724a2b36...07.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e724a2b3600927948d1db0d14252f78520dc159d205520190a78e30260a0b07

  • Size

    280KB

  • Sample

    241208-yc7wbsxrbl

  • MD5

    e3b0b8fb600a2b3831520c51a08292bb

  • SHA1

    955a02a2431ba60be5fdbc6c3e1178731cf03a94

  • SHA256

    0e724a2b3600927948d1db0d14252f78520dc159d205520190a78e30260a0b07

  • SHA512

    3e619af637430ad7d83d7056c967e0b3a1b4a19ea34899ccc9176bac72f6e029a0486ec49cf9ef22d2c3686ec025d2fc3963e97de8d442f87d9709081bc2dbfa

  • SSDEEP

    6144:Ni+cw6oPn8xhIknzi/GOORjMmRUoooooooooooooooooooooooooy/G3:NVcAnsi//OVLCoooooooooooooooooo0

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0e724a2b3600927948d1db0d14252f78520dc159d205520190a78e30260a0b07

    • Size

      280KB

    • MD5

      e3b0b8fb600a2b3831520c51a08292bb

    • SHA1

      955a02a2431ba60be5fdbc6c3e1178731cf03a94

    • SHA256

      0e724a2b3600927948d1db0d14252f78520dc159d205520190a78e30260a0b07

    • SHA512

      3e619af637430ad7d83d7056c967e0b3a1b4a19ea34899ccc9176bac72f6e029a0486ec49cf9ef22d2c3686ec025d2fc3963e97de8d442f87d9709081bc2dbfa

    • SSDEEP

      6144:Ni+cw6oPn8xhIknzi/GOORjMmRUoooooooooooooooooooooooooy/G3:NVcAnsi//OVLCoooooooooooooooooo0

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks