Overview

overview

10

Static

static

3

288e8ec9a5...d2.exe

windows7-x64

10

288e8ec9a5...d2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    288e8ec9a534fa312c0a3b511e08c88b0e6b3e11e68c29801334dff41d3974d2.exe

  • Size

    74KB

  • Sample

    241222-qnlhgazkgy

  • MD5

    7f54666a52ccdafe33b5fea7cab0e278

  • SHA1

    0b7e5b42df04e2deba82bf04668c65b7d677a985

  • SHA256

    288e8ec9a534fa312c0a3b511e08c88b0e6b3e11e68c29801334dff41d3974d2

  • SHA512

    0149186daa24d4174d6f9a1ca5cd0920fe4cdb2a71c3da56e8204ebc2d566fe30b93f9bfa8f3fcb4ed46b8dd53285ca0a1682311c79823270f0a19d4be12c6be

  • SSDEEP

    1536:ZkC54PSuYxxfruVfwc2FqBVJJhhXbvoA4TIU1oVtAFdk+vfE:ZkC54quYxxfrGYcdJv74TXM+Fy+3E

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      288e8ec9a534fa312c0a3b511e08c88b0e6b3e11e68c29801334dff41d3974d2.exe

    • Size

      74KB

    • MD5

      7f54666a52ccdafe33b5fea7cab0e278

    • SHA1

      0b7e5b42df04e2deba82bf04668c65b7d677a985

    • SHA256

      288e8ec9a534fa312c0a3b511e08c88b0e6b3e11e68c29801334dff41d3974d2

    • SHA512

      0149186daa24d4174d6f9a1ca5cd0920fe4cdb2a71c3da56e8204ebc2d566fe30b93f9bfa8f3fcb4ed46b8dd53285ca0a1682311c79823270f0a19d4be12c6be

    • SSDEEP

      1536:ZkC54PSuYxxfruVfwc2FqBVJJhhXbvoA4TIU1oVtAFdk+vfE:ZkC54quYxxfrGYcdJv74TXM+Fy+3E

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks