Overview

overview

10

Static

static

3

54885dfb4e...3N.exe

windows7-x64

10

54885dfb4e...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    54885dfb4e2484c2ac59c0f0769d87494fe5c384a0e081d16efb0546524e3ad3N.exe

  • Size

    608KB

  • Sample

    241209-qp1c1stmfm

  • MD5

    d30a68393e1209210c6d611820a0e420

  • SHA1

    a7e4864b6f9b464f5a5efbbc38f24ee5437d5b0d

  • SHA256

    54885dfb4e2484c2ac59c0f0769d87494fe5c384a0e081d16efb0546524e3ad3

  • SHA512

    214e542a9c445e352c7cc51f5d2c5e779c7b3d27bbbf71f7edc0327b45ff971c4389735e1308be3729b84219dbe229da3d946c3ce42693ec06fdba7c7e9490ca

  • SSDEEP

    12288:EFkY660fIaDZkY660f8jTK/XhdAwlt01A:EFgsaDZgQjGkwlp

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      54885dfb4e2484c2ac59c0f0769d87494fe5c384a0e081d16efb0546524e3ad3N.exe

    • Size

      608KB

    • MD5

      d30a68393e1209210c6d611820a0e420

    • SHA1

      a7e4864b6f9b464f5a5efbbc38f24ee5437d5b0d

    • SHA256

      54885dfb4e2484c2ac59c0f0769d87494fe5c384a0e081d16efb0546524e3ad3

    • SHA512

      214e542a9c445e352c7cc51f5d2c5e779c7b3d27bbbf71f7edc0327b45ff971c4389735e1308be3729b84219dbe229da3d946c3ce42693ec06fdba7c7e9490ca

    • SSDEEP

      12288:EFkY660fIaDZkY660f8jTK/XhdAwlt01A:EFgsaDZgQjGkwlp

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks