Overview

overview

10

Static

static

3

79a46c829a...48.exe

windows7-x64

10

79a46c829a...48.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79a46c829aca14962a0e9c2c9affa3a78c93118482f12260d52f098151431648

  • Size

    93KB

  • Sample

    241222-3ynrsssjhy

  • MD5

    8a7258d6f109999bf01bc6a5ec34bc24

  • SHA1

    106ee611d9f868bf4ce5254bb09265d4d190d7d2

  • SHA256

    79a46c829aca14962a0e9c2c9affa3a78c93118482f12260d52f098151431648

  • SHA512

    759d2ed74bf3ec13c4493a3423e3f2b206e0e6e55a6e13c7a774bc228e8ebd539e1712b7988842e994a52990bdc65405c41600b91a6e4d049ca9095327001f0d

  • SSDEEP

    1536:uwueC+zIcp+Bd9RXelVQtEmXgmPybJOajs473q5z1saMiwihtIbbpkp:uwJ6cp+Bd9Ne3Qa9bMHj5hdMiwaIbbp4

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      79a46c829aca14962a0e9c2c9affa3a78c93118482f12260d52f098151431648

    • Size

      93KB

    • MD5

      8a7258d6f109999bf01bc6a5ec34bc24

    • SHA1

      106ee611d9f868bf4ce5254bb09265d4d190d7d2

    • SHA256

      79a46c829aca14962a0e9c2c9affa3a78c93118482f12260d52f098151431648

    • SHA512

      759d2ed74bf3ec13c4493a3423e3f2b206e0e6e55a6e13c7a774bc228e8ebd539e1712b7988842e994a52990bdc65405c41600b91a6e4d049ca9095327001f0d

    • SSDEEP

      1536:uwueC+zIcp+Bd9RXelVQtEmXgmPybJOajs473q5z1saMiwihtIbbpkp:uwJ6cp+Bd9Ne3Qa9bMHj5hdMiwaIbbp4

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks