Overview

overview

10

Static

static

3

461a1790e6...7d.exe

windows7-x64

10

461a1790e6...7d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    461a1790e650f27df7dbf442cec8cf044f30649d4884b2fae2968b2d7f35827d

  • Size

    96KB

  • Sample

    241222-1t47wazqdx

  • MD5

    996b7a4dcc6263aea34b58ea7f4be3a9

  • SHA1

    23d4b0293b390e8c840b44803b53887331dc7089

  • SHA256

    461a1790e650f27df7dbf442cec8cf044f30649d4884b2fae2968b2d7f35827d

  • SHA512

    4ceb37e9977655282e1039a0ba59648e6fb0bfde8b18d252360dd4bb509bb2254965e4a0f5b0e072c6b72011f3457f17cfd0d0b39c0a4463dcbae85caa5b8799

  • SSDEEP

    1536:u44rUXCAP26cSIsu0ShznstAoFBUTbnI2zgFoXhih1Wu2GAbduV9jojTIvjrH:u4IUXm6/Isu0KErDUTzI1oXIh1Wu2GAq

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      461a1790e650f27df7dbf442cec8cf044f30649d4884b2fae2968b2d7f35827d

    • Size

      96KB

    • MD5

      996b7a4dcc6263aea34b58ea7f4be3a9

    • SHA1

      23d4b0293b390e8c840b44803b53887331dc7089

    • SHA256

      461a1790e650f27df7dbf442cec8cf044f30649d4884b2fae2968b2d7f35827d

    • SHA512

      4ceb37e9977655282e1039a0ba59648e6fb0bfde8b18d252360dd4bb509bb2254965e4a0f5b0e072c6b72011f3457f17cfd0d0b39c0a4463dcbae85caa5b8799

    • SSDEEP

      1536:u44rUXCAP26cSIsu0ShznstAoFBUTbnI2zgFoXhih1Wu2GAbduV9jojTIvjrH:u4IUXm6/Isu0KErDUTzI1oXIh1Wu2GAq

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks