Overview

overview

10

Static

static

10

74e6a1cdcc...3e.exe

windows7-x64

10

74e6a1cdcc...3e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74e6a1cdcc9dd1d9927f728f82baf603955a8ff5250f76e966d2e63c3286143e

  • Size

    121KB

  • Sample

    241222-3r2p3sslap

  • MD5

    cf933ce3c9151ff5fcfd38138abe5db8

  • SHA1

    38e733a6f7d042ee6c6a14b5bde7921b80f57e84

  • SHA256

    74e6a1cdcc9dd1d9927f728f82baf603955a8ff5250f76e966d2e63c3286143e

  • SHA512

    96cc3f72c7d8a3588a60a5c88c704c6851f2eee6e96adaee328498049b0d7ee75c408a3ad94e2d7b57a168b5916fd1118a2b077eac7df82eab65a93b2011c76b

  • SSDEEP

    3072:Pj6nf25TdgOVrkBmogU8zuTeyI7O7AJnD5tvv:PbTdjYBmogU8zuTed7Oarvv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      74e6a1cdcc9dd1d9927f728f82baf603955a8ff5250f76e966d2e63c3286143e

    • Size

      121KB

    • MD5

      cf933ce3c9151ff5fcfd38138abe5db8

    • SHA1

      38e733a6f7d042ee6c6a14b5bde7921b80f57e84

    • SHA256

      74e6a1cdcc9dd1d9927f728f82baf603955a8ff5250f76e966d2e63c3286143e

    • SHA512

      96cc3f72c7d8a3588a60a5c88c704c6851f2eee6e96adaee328498049b0d7ee75c408a3ad94e2d7b57a168b5916fd1118a2b077eac7df82eab65a93b2011c76b

    • SSDEEP

      3072:Pj6nf25TdgOVrkBmogU8zuTeyI7O7AJnD5tvv:PbTdjYBmogU8zuTed7Oarvv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks