Overview

overview

10

Static

static

3

4d66ce8c09...55.exe

windows7-x64

10

4d66ce8c09...55.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d66ce8c0999e33f5228182aa51898623ab94e6098b1cc467282c09924fd0c55

  • Size

    91KB

  • Sample

    241209-1elf8askbx

  • MD5

    f0ce00369a44f9fcac5138e1eb2f7853

  • SHA1

    e5586fb6ed5b3664c105018bede19b379f64c9b7

  • SHA256

    4d66ce8c0999e33f5228182aa51898623ab94e6098b1cc467282c09924fd0c55

  • SHA512

    c5dd72562213bc1b75cb487849fdcb857c96538e72cb599fb60e1b72e1f33bb18a243aee3635ea539c8ec88b851d58428366d9830eff2e2fc83886512d4d0dad

  • SSDEEP

    1536:Fq8LxLWri2mPEnmU3QhubmRNHekBZU7mtAG5122vykHu+NVXtYr/viVMi:VLx6ccnmU3QoaWknCpGL226U/9o/vOMi

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4d66ce8c0999e33f5228182aa51898623ab94e6098b1cc467282c09924fd0c55

    • Size

      91KB

    • MD5

      f0ce00369a44f9fcac5138e1eb2f7853

    • SHA1

      e5586fb6ed5b3664c105018bede19b379f64c9b7

    • SHA256

      4d66ce8c0999e33f5228182aa51898623ab94e6098b1cc467282c09924fd0c55

    • SHA512

      c5dd72562213bc1b75cb487849fdcb857c96538e72cb599fb60e1b72e1f33bb18a243aee3635ea539c8ec88b851d58428366d9830eff2e2fc83886512d4d0dad

    • SSDEEP

      1536:Fq8LxLWri2mPEnmU3QhubmRNHekBZU7mtAG5122vykHu+NVXtYr/viVMi:VLx6ccnmU3QoaWknCpGL226U/9o/vOMi

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks