Overview

overview

10

Static

static

3

899c493bf7...ce.exe

windows7-x64

10

899c493bf7...ce.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    899c493bf7cdc45beadcecbd7d1edb4ed868280cbc50d0a362a7409e27f001ce

  • Size

    96KB

  • Sample

    241209-a3z2ea1qcr

  • MD5

    82808eb8dbd34229f3be79038d1bc24c

  • SHA1

    54feeb1bffa88d4b0a90bf08c49f210c746ade28

  • SHA256

    899c493bf7cdc45beadcecbd7d1edb4ed868280cbc50d0a362a7409e27f001ce

  • SHA512

    57e65a18b2b94741634f0ffd42c0a00f39fde3a83d624a2517e06a5c83671f41222f5c924458e932bfae8e99e0e764031d052d8876ab28548752ab81c90a7638

  • SSDEEP

    1536:STKutwTEl92BWIAmX72+25eJIlfEpc+cr7ORrSXeBduV9jojTIvjr:Smn692omXSF5e6dEjSOBd69jc0v

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      899c493bf7cdc45beadcecbd7d1edb4ed868280cbc50d0a362a7409e27f001ce

    • Size

      96KB

    • MD5

      82808eb8dbd34229f3be79038d1bc24c

    • SHA1

      54feeb1bffa88d4b0a90bf08c49f210c746ade28

    • SHA256

      899c493bf7cdc45beadcecbd7d1edb4ed868280cbc50d0a362a7409e27f001ce

    • SHA512

      57e65a18b2b94741634f0ffd42c0a00f39fde3a83d624a2517e06a5c83671f41222f5c924458e932bfae8e99e0e764031d052d8876ab28548752ab81c90a7638

    • SSDEEP

      1536:STKutwTEl92BWIAmX72+25eJIlfEpc+cr7ORrSXeBduV9jojTIvjr:Smn692omXSF5e6dEjSOBd69jc0v

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks