Overview

overview

10

Static

static

10

b1a24b146f...5e.exe

windows7-x64

10

b1a24b146f...5e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1a24b146fc0356adb08aab178a8d372e8e93a98da5282f66c5430201462855e.exe

  • Size

    448KB

  • Sample

    241222-prd25aymgl

  • MD5

    d6c871151298e8bbf91d2b6a0a956820

  • SHA1

    906561456d8c8d0560fd7bb902e8f2e5b6facdf0

  • SHA256

    b1a24b146fc0356adb08aab178a8d372e8e93a98da5282f66c5430201462855e

  • SHA512

    02bae00f856a55e47931aa9765fd35b7fabb38898e7eeebbddbc3bd4eab579dbb868239dd31b4b97cb6aef8d132c8ae1a6158bf431c1e0079c5a67ece292cb13

  • SSDEEP

    6144:Bpf9InTXacIxiLUmKyIxLDXXoq9FJZCUmKyIxL4:jynTXar832XXf9Do35

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b1a24b146fc0356adb08aab178a8d372e8e93a98da5282f66c5430201462855e.exe

    • Size

      448KB

    • MD5

      d6c871151298e8bbf91d2b6a0a956820

    • SHA1

      906561456d8c8d0560fd7bb902e8f2e5b6facdf0

    • SHA256

      b1a24b146fc0356adb08aab178a8d372e8e93a98da5282f66c5430201462855e

    • SHA512

      02bae00f856a55e47931aa9765fd35b7fabb38898e7eeebbddbc3bd4eab579dbb868239dd31b4b97cb6aef8d132c8ae1a6158bf431c1e0079c5a67ece292cb13

    • SSDEEP

      6144:Bpf9InTXacIxiLUmKyIxLDXXoq9FJZCUmKyIxL4:jynTXar832XXf9Do35

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks