Overview

overview

10

Static

static

3

6643f8ec2c...23.exe

windows7-x64

10

6643f8ec2c...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6643f8ec2c5fb3d370a4a0a582b5e9262dde9d65f3a91299adf71639da945f23.exe

  • Size

    88KB

  • Sample

    241222-qy5n4aznhy

  • MD5

    85e2326312ac6bf53c2cad3c1a3802eb

  • SHA1

    bdcc8a9acab43798558ee8b32dc21b32a0628310

  • SHA256

    6643f8ec2c5fb3d370a4a0a582b5e9262dde9d65f3a91299adf71639da945f23

  • SHA512

    2f9f961fc8582b8f2ae7b2355d6cb26bfc167d281aac9f13ff46bf05c4a550be6310c5c5679c4ea99d7334c0b3a8e248cf7eaf84f987e8fc596a1d6598c57007

  • SSDEEP

    1536:wDFCc9ro333Eiy3mJktsZ8x2DWtO5gcOK2c+AeA05sPPrjAbjgY2lz9XnlLMnouH:wDZk333Ei8ntx2Kw5guP+AeA05sPPrj8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6643f8ec2c5fb3d370a4a0a582b5e9262dde9d65f3a91299adf71639da945f23.exe

    • Size

      88KB

    • MD5

      85e2326312ac6bf53c2cad3c1a3802eb

    • SHA1

      bdcc8a9acab43798558ee8b32dc21b32a0628310

    • SHA256

      6643f8ec2c5fb3d370a4a0a582b5e9262dde9d65f3a91299adf71639da945f23

    • SHA512

      2f9f961fc8582b8f2ae7b2355d6cb26bfc167d281aac9f13ff46bf05c4a550be6310c5c5679c4ea99d7334c0b3a8e248cf7eaf84f987e8fc596a1d6598c57007

    • SSDEEP

      1536:wDFCc9ro333Eiy3mJktsZ8x2DWtO5gcOK2c+AeA05sPPrjAbjgY2lz9XnlLMnouH:wDZk333Ei8ntx2Kw5guP+AeA05sPPrj8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks