Overview

overview

10

Static

static

3

f4ceee593b...e0.exe

windows7-x64

10

f4ceee593b...e0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4ceee593b322de9c74e992acfe7e0df05a4de7fee8b55146821648d20aa1be0

  • Size

    76KB

  • Sample

    241209-e8epwavlbl

  • MD5

    820a16406a88242eaff24d6b30fbaa79

  • SHA1

    cd511b3aa4fe31c51861453eea0c8c094f8b5565

  • SHA256

    f4ceee593b322de9c74e992acfe7e0df05a4de7fee8b55146821648d20aa1be0

  • SHA512

    852d2747fd1adbd7d1fd493a2b2b12449c2fa596343fead98bb89164eb695653fe0b9abbe3a65cae5294cca383231645a177dfe6eb9677552ff24d1cdffd4cc5

  • SSDEEP

    1536:bGonkbG8dBRV4mnyl+Ny6JEht2yt2HNZc9O71ikWx:P8gmncL6JM2VZcIxi1x

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f4ceee593b322de9c74e992acfe7e0df05a4de7fee8b55146821648d20aa1be0

    • Size

      76KB

    • MD5

      820a16406a88242eaff24d6b30fbaa79

    • SHA1

      cd511b3aa4fe31c51861453eea0c8c094f8b5565

    • SHA256

      f4ceee593b322de9c74e992acfe7e0df05a4de7fee8b55146821648d20aa1be0

    • SHA512

      852d2747fd1adbd7d1fd493a2b2b12449c2fa596343fead98bb89164eb695653fe0b9abbe3a65cae5294cca383231645a177dfe6eb9677552ff24d1cdffd4cc5

    • SSDEEP

      1536:bGonkbG8dBRV4mnyl+Ny6JEht2yt2HNZc9O71ikWx:P8gmncL6JM2VZcIxi1x

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks