Overview

overview

10

Static

static

10

0778966abf...eN.exe

windows7-x64

10

0778966abf...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0778966abf7e9041dd465463f9cbe2d78f102571537624d4016e8061bcffd41eN.exe

  • Size

    276KB

  • Sample

    241222-kd71ts1lb1

  • MD5

    b91d53d2e8151bdad29b63d4e20d2ca0

  • SHA1

    a775f7c7a3526f589c1ff60e82bf649f73e77cd9

  • SHA256

    0778966abf7e9041dd465463f9cbe2d78f102571537624d4016e8061bcffd41e

  • SHA512

    f72298c4d4f830c79082f9c04f114060cfec7c7edbc26b99ebcb6e3d24867fef9ecdeb45d2c16fc7d1df9136dbc82e80914fb55faafa8f50cf0ca245779ff463

  • SSDEEP

    6144:VdnmpdZB+U8mdZMGXF5ahdt3rM8d7TtLa:VdnmjswXFWtJ9O

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0778966abf7e9041dd465463f9cbe2d78f102571537624d4016e8061bcffd41eN.exe

    • Size

      276KB

    • MD5

      b91d53d2e8151bdad29b63d4e20d2ca0

    • SHA1

      a775f7c7a3526f589c1ff60e82bf649f73e77cd9

    • SHA256

      0778966abf7e9041dd465463f9cbe2d78f102571537624d4016e8061bcffd41e

    • SHA512

      f72298c4d4f830c79082f9c04f114060cfec7c7edbc26b99ebcb6e3d24867fef9ecdeb45d2c16fc7d1df9136dbc82e80914fb55faafa8f50cf0ca245779ff463

    • SSDEEP

      6144:VdnmpdZB+U8mdZMGXF5ahdt3rM8d7TtLa:VdnmjswXFWtJ9O

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks