Overview

overview

10

Static

static

10

b25142dc15...9a.exe

windows7-x64

10

b25142dc15...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b25142dc155348ef834d05c1e3bb0aa6769ed77e07cef347db95f6bd6cef8d9a.exe

  • Size

    277KB

  • Sample

    241222-gtnqcaxkep

  • MD5

    7e7aa32597c8fac41228e49a8b975b42

  • SHA1

    601f671321b0aef63b546e12e0b18891bb62fc64

  • SHA256

    b25142dc155348ef834d05c1e3bb0aa6769ed77e07cef347db95f6bd6cef8d9a

  • SHA512

    3000e491723122db38a0c4ef047f0270551f77f870dc674dcac93b7b2318742044f3a32d2aafca6e158c04a9e7224d96978c032c615a16bc455e7fab23f0a243

  • SSDEEP

    3072:KrGk+wlurfH01vyz8GIoyQeS5pAgYIqGvJ6887lbyMGjXF1kqaholmtbCQVDrM8G:KCk+wlubO5QdZMGXF5ahdt3rM8d7TtLK

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b25142dc155348ef834d05c1e3bb0aa6769ed77e07cef347db95f6bd6cef8d9a.exe

    • Size

      277KB

    • MD5

      7e7aa32597c8fac41228e49a8b975b42

    • SHA1

      601f671321b0aef63b546e12e0b18891bb62fc64

    • SHA256

      b25142dc155348ef834d05c1e3bb0aa6769ed77e07cef347db95f6bd6cef8d9a

    • SHA512

      3000e491723122db38a0c4ef047f0270551f77f870dc674dcac93b7b2318742044f3a32d2aafca6e158c04a9e7224d96978c032c615a16bc455e7fab23f0a243

    • SSDEEP

      3072:KrGk+wlurfH01vyz8GIoyQeS5pAgYIqGvJ6887lbyMGjXF1kqaholmtbCQVDrM8G:KCk+wlubO5QdZMGXF5ahdt3rM8d7TtLK

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks