Overview

overview

10

Static

static

3

6bbcf30fd4...9N.exe

windows7-x64

10

6bbcf30fd4...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6bbcf30fd41e76e249d1363a6b6e766d9fd441517b0d0e565e20fa245096bc89N.exe

  • Size

    72KB

  • Sample

    241222-k5sp8aslaz

  • MD5

    49e6341b237c8fdf24bf2e520e5b7700

  • SHA1

    5dd12604ed4939ee7902b3a7c781466fbf429f08

  • SHA256

    6bbcf30fd41e76e249d1363a6b6e766d9fd441517b0d0e565e20fa245096bc89

  • SHA512

    dd896c0db63c3e1774ccbedf9da3d78b667152e1f8b7d3f36ea7bba8846852daf8c6ff92d0d9067568abdeed11d899e7b0d31c0e80cb43a5edec5a05af7accd8

  • SSDEEP

    1536:dVR93rY/HoERMu6CRM6/C8us5W0PwHwKJs7:d/93jo5RD/01uMHY

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6bbcf30fd41e76e249d1363a6b6e766d9fd441517b0d0e565e20fa245096bc89N.exe

    • Size

      72KB

    • MD5

      49e6341b237c8fdf24bf2e520e5b7700

    • SHA1

      5dd12604ed4939ee7902b3a7c781466fbf429f08

    • SHA256

      6bbcf30fd41e76e249d1363a6b6e766d9fd441517b0d0e565e20fa245096bc89

    • SHA512

      dd896c0db63c3e1774ccbedf9da3d78b667152e1f8b7d3f36ea7bba8846852daf8c6ff92d0d9067568abdeed11d899e7b0d31c0e80cb43a5edec5a05af7accd8

    • SSDEEP

      1536:dVR93rY/HoERMu6CRM6/C8us5W0PwHwKJs7:d/93jo5RD/01uMHY

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks