Overview

overview

10

Static

static

10

4cfe6873b3...5N.exe

windows7-x64

10

4cfe6873b3...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4cfe6873b3adc59f3e2397939bbbd20a94859a63bcaddacbb71e0fc478e47be5N.exe

  • Size

    136KB

  • Sample

    241222-my1hlavpet

  • MD5

    8302cc1adc0a5ae9f4a2877b6b5d07b0

  • SHA1

    55c62acc444b8410ab57b22df6742346f93d05bc

  • SHA256

    4cfe6873b3adc59f3e2397939bbbd20a94859a63bcaddacbb71e0fc478e47be5

  • SHA512

    b8e6a79dfa06f1a0f9109f0c8ad8f40246c4c1afd6a90ea148f982bd94c184534972e80255bb6ac75072c43859b8fb90806ba7ae41bd812786e322c936f8d0e0

  • SSDEEP

    1536:7hnf2q6W/Jck+lk0TW6wmariCstZhDeM7n2nDVHttgt033Rxjz0cZ44mjD9r8230:YPji0T8mrtnpeMwWt03BWi/mjRrz3OT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4cfe6873b3adc59f3e2397939bbbd20a94859a63bcaddacbb71e0fc478e47be5N.exe

    • Size

      136KB

    • MD5

      8302cc1adc0a5ae9f4a2877b6b5d07b0

    • SHA1

      55c62acc444b8410ab57b22df6742346f93d05bc

    • SHA256

      4cfe6873b3adc59f3e2397939bbbd20a94859a63bcaddacbb71e0fc478e47be5

    • SHA512

      b8e6a79dfa06f1a0f9109f0c8ad8f40246c4c1afd6a90ea148f982bd94c184534972e80255bb6ac75072c43859b8fb90806ba7ae41bd812786e322c936f8d0e0

    • SSDEEP

      1536:7hnf2q6W/Jck+lk0TW6wmariCstZhDeM7n2nDVHttgt033Rxjz0cZ44mjD9r8230:YPji0T8mrtnpeMwWt03BWi/mjRrz3OT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks