Overview

overview

10

Static

static

3

584b9841f4...55.exe

windows7-x64

10

584b9841f4...55.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    584b9841f42781d116dcca94bfc47571dc284da65f0418b9e07b90a41a4dfa55

  • Size

    760KB

  • Sample

    241222-2ldwds1ldx

  • MD5

    5348ffddc67f9e6dea697a1862d6a2a4

  • SHA1

    e183a8c864091f0a382753092ee6fc404d22e0bf

  • SHA256

    584b9841f42781d116dcca94bfc47571dc284da65f0418b9e07b90a41a4dfa55

  • SHA512

    94dd18ebc15ca816d37b6d4a26a74072e38904156640037f26f278b5b6e588e93a35696e92e744785c3e7bfe14bb3d585ff81a6cda8ac84fc00de02012607529

  • SSDEEP

    12288:L0jDc3cOK3NPh2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiRLsq:ojDcyNPh2kkkkK4kXkkkkkkkkhLx

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      584b9841f42781d116dcca94bfc47571dc284da65f0418b9e07b90a41a4dfa55

    • Size

      760KB

    • MD5

      5348ffddc67f9e6dea697a1862d6a2a4

    • SHA1

      e183a8c864091f0a382753092ee6fc404d22e0bf

    • SHA256

      584b9841f42781d116dcca94bfc47571dc284da65f0418b9e07b90a41a4dfa55

    • SHA512

      94dd18ebc15ca816d37b6d4a26a74072e38904156640037f26f278b5b6e588e93a35696e92e744785c3e7bfe14bb3d585ff81a6cda8ac84fc00de02012607529

    • SSDEEP

      12288:L0jDc3cOK3NPh2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiRLsq:ojDcyNPh2kkkkK4kXkkkkkkkkhLx

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks