Overview

overview

10

Static

static

3

b3666b0c2f...65.exe

windows7-x64

10

b3666b0c2f...65.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b3666b0c2f1c3f5cae540b43e5727ec1a5c78ffa64341b69a8bc3c4e3065d765.exe

  • Size

    265KB

  • Sample

    241222-jw7x4szrcq

  • MD5

    e11f558f1239bf7d4ccaa9ca3529e1d4

  • SHA1

    fe1ae36c7cb2fe73022d22cdf66a813e5d4e0cc8

  • SHA256

    b3666b0c2f1c3f5cae540b43e5727ec1a5c78ffa64341b69a8bc3c4e3065d765

  • SHA512

    61e6ca62fd76a79a4c5817abc6951fa38d16222b25424b6d531e0fa0edf11745cebd03ce5bdb65e3288b88a96890a78d61ddc3007a694921f0dec232033dae7f

  • SSDEEP

    6144:FTnENoTLp103ETiZ0moGP/2dga1mcyw7Iq:RndpScXwuR1mK7v

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b3666b0c2f1c3f5cae540b43e5727ec1a5c78ffa64341b69a8bc3c4e3065d765.exe

    • Size

      265KB

    • MD5

      e11f558f1239bf7d4ccaa9ca3529e1d4

    • SHA1

      fe1ae36c7cb2fe73022d22cdf66a813e5d4e0cc8

    • SHA256

      b3666b0c2f1c3f5cae540b43e5727ec1a5c78ffa64341b69a8bc3c4e3065d765

    • SHA512

      61e6ca62fd76a79a4c5817abc6951fa38d16222b25424b6d531e0fa0edf11745cebd03ce5bdb65e3288b88a96890a78d61ddc3007a694921f0dec232033dae7f

    • SSDEEP

      6144:FTnENoTLp103ETiZ0moGP/2dga1mcyw7Iq:RndpScXwuR1mK7v

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks