Overview

overview

10

Static

static

3

c6b1b41f9f...45.exe

windows7-x64

10

c6b1b41f9f...45.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6b1b41f9f4295e6a8fbe4abdbfc6ec5874bef920cae394eb29e382bdbc8b545

  • Size

    95KB

  • Sample

    241210-a9a1vssngl

  • MD5

    1841187b6f60ad3bc49fb49a7c5896d8

  • SHA1

    25d30a6786024cb30b37581c11ffee05bb22a14f

  • SHA256

    c6b1b41f9f4295e6a8fbe4abdbfc6ec5874bef920cae394eb29e382bdbc8b545

  • SHA512

    4cb1406347778eea978a2b939285d9347fc81590ff592e15ec233c606c8470ef4218f01c1efba8b68bb6bff8560729771b9411dec27aa76773b5038657c037dd

  • SSDEEP

    1536:cfALph4NquQ7eos4EfgpmpEOSVSL0jyp9Xl4S+pg2yu8yzr4MAbgpRoLyuYKOM68:cf+GNHos4EfgpmedBEhp2yPyP4Mtu7DD

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c6b1b41f9f4295e6a8fbe4abdbfc6ec5874bef920cae394eb29e382bdbc8b545

    • Size

      95KB

    • MD5

      1841187b6f60ad3bc49fb49a7c5896d8

    • SHA1

      25d30a6786024cb30b37581c11ffee05bb22a14f

    • SHA256

      c6b1b41f9f4295e6a8fbe4abdbfc6ec5874bef920cae394eb29e382bdbc8b545

    • SHA512

      4cb1406347778eea978a2b939285d9347fc81590ff592e15ec233c606c8470ef4218f01c1efba8b68bb6bff8560729771b9411dec27aa76773b5038657c037dd

    • SSDEEP

      1536:cfALph4NquQ7eos4EfgpmpEOSVSL0jyp9Xl4S+pg2yu8yzr4MAbgpRoLyuYKOM68:cf+GNHos4EfgpmedBEhp2yPyP4Mtu7DD

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks