Overview

overview

10

Static

static

3

fad7f4d28a...3c.exe

windows7-x64

10

fad7f4d28a...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fad7f4d28a55b1023374c639b47329727efb42d264ff83eb39b3529da4fbcd3c

  • Size

    90KB

  • Sample

    241209-ffmepavmbm

  • MD5

    1a78f74d6655159d1d7dd72fd42ffed7

  • SHA1

    4130694b319b38b9bad95ac13c4080eb12055ab1

  • SHA256

    fad7f4d28a55b1023374c639b47329727efb42d264ff83eb39b3529da4fbcd3c

  • SHA512

    e32ad8fba5385cd9227274ad01f82ab686122a7458ad3f93ec3a812ba59714a9f13ad5460898fc4a7df7d0da2f2ea8753a35da39eef7a6f4815dc8af984c241d

  • SSDEEP

    1536:pGf0nxvpDCA8jl2WffBJiXU+8KKPx9oGVZZLQqfQEX2IfOOQ/4BrGTI5Yxj:pGfwp2A88Wnd9K+LokZZsqfQETU/4kTn

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      fad7f4d28a55b1023374c639b47329727efb42d264ff83eb39b3529da4fbcd3c

    • Size

      90KB

    • MD5

      1a78f74d6655159d1d7dd72fd42ffed7

    • SHA1

      4130694b319b38b9bad95ac13c4080eb12055ab1

    • SHA256

      fad7f4d28a55b1023374c639b47329727efb42d264ff83eb39b3529da4fbcd3c

    • SHA512

      e32ad8fba5385cd9227274ad01f82ab686122a7458ad3f93ec3a812ba59714a9f13ad5460898fc4a7df7d0da2f2ea8753a35da39eef7a6f4815dc8af984c241d

    • SSDEEP

      1536:pGf0nxvpDCA8jl2WffBJiXU+8KKPx9oGVZZLQqfQEX2IfOOQ/4BrGTI5Yxj:pGfwp2A88Wnd9K+LokZZsqfQETU/4kTn

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks