Overview

overview

10

Static

static

10

b6fedd1463...5N.exe

windows7-x64

10

b6fedd1463...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6fedd1463f8f89d15e6bdf0b0158a6cbff4bbc1df57374991ef01b4115b85a5N.exe

  • Size

    276KB

  • Sample

    241222-ms3qrsvqfn

  • MD5

    21011eed1777e016ad3fbe4d5b1b36a0

  • SHA1

    aa328b9fd8ecc23fd7734e513a2f91d5d6cd0e4d

  • SHA256

    b6fedd1463f8f89d15e6bdf0b0158a6cbff4bbc1df57374991ef01b4115b85a5

  • SHA512

    fcccb9f63d559ca337aaffb3518286d6f1015f1d0743981e67de9ee71710d121a865858308bae38af98b9f617a09920f330e399357575b0b0577b6bc146c3fc7

  • SSDEEP

    3072:BcCWT42nCGrkIPELRaeS5pAgYIqGvJ6887lbyMGjXF1kqaholmtbCQVDrM8d7wM8:BcC7OEVadZMGXF5ahdt3rM8d7TtLa

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b6fedd1463f8f89d15e6bdf0b0158a6cbff4bbc1df57374991ef01b4115b85a5N.exe

    • Size

      276KB

    • MD5

      21011eed1777e016ad3fbe4d5b1b36a0

    • SHA1

      aa328b9fd8ecc23fd7734e513a2f91d5d6cd0e4d

    • SHA256

      b6fedd1463f8f89d15e6bdf0b0158a6cbff4bbc1df57374991ef01b4115b85a5

    • SHA512

      fcccb9f63d559ca337aaffb3518286d6f1015f1d0743981e67de9ee71710d121a865858308bae38af98b9f617a09920f330e399357575b0b0577b6bc146c3fc7

    • SSDEEP

      3072:BcCWT42nCGrkIPELRaeS5pAgYIqGvJ6887lbyMGjXF1kqaholmtbCQVDrM8d7wM8:BcC7OEVadZMGXF5ahdt3rM8d7TtLa

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks