Overview

overview

10

Static

static

10

f31a2f912b...eN.exe

windows7-x64

10

f31a2f912b...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f31a2f912b16530fe1b6a6656f6371ca4c34d6ffe3aede73544ffe82cfa5bd3eN.exe

  • Size

    582KB

  • Sample

    241222-qtlqeszmh1

  • MD5

    a38d9a78bffa3ccb3fe9cb250381d220

  • SHA1

    72e204f01e899f84a2b3cbbc299622d982aa8d1e

  • SHA256

    f31a2f912b16530fe1b6a6656f6371ca4c34d6ffe3aede73544ffe82cfa5bd3e

  • SHA512

    6c924f8ac7f2c850d10406cbc59c409031fcc6f06b780317a8f74ba33aff0a848234a2dbfe331ea4e9f371b339664cf08527c408e1b1530c3db24687079b95d0

  • SSDEEP

    12288:GCJg7WuYNrekcPYNrq6+gmCAYNrekcPYNrB:9uakaF+gqakad

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f31a2f912b16530fe1b6a6656f6371ca4c34d6ffe3aede73544ffe82cfa5bd3eN.exe

    • Size

      582KB

    • MD5

      a38d9a78bffa3ccb3fe9cb250381d220

    • SHA1

      72e204f01e899f84a2b3cbbc299622d982aa8d1e

    • SHA256

      f31a2f912b16530fe1b6a6656f6371ca4c34d6ffe3aede73544ffe82cfa5bd3e

    • SHA512

      6c924f8ac7f2c850d10406cbc59c409031fcc6f06b780317a8f74ba33aff0a848234a2dbfe331ea4e9f371b339664cf08527c408e1b1530c3db24687079b95d0

    • SSDEEP

      12288:GCJg7WuYNrekcPYNrq6+gmCAYNrekcPYNrB:9uakaF+gqakad

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks