Overview

overview

10

Static

static

10

a181ac3a90...aN.exe

windows7-x64

10

a181ac3a90...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a181ac3a9099f2c4ec7bbb634f15d76cf319dd31763dec99fab05a01c153e5baN.exe

  • Size

    280KB

  • Sample

    241222-scab6s1qb1

  • MD5

    e99033e02e825e27629f90cd27681e80

  • SHA1

    53d6545f4127b44c5c72f96794f15048726c4696

  • SHA256

    a181ac3a9099f2c4ec7bbb634f15d76cf319dd31763dec99fab05a01c153e5ba

  • SHA512

    aec73b93bd379c61c8905204ab66a990cf144146008ba4112c31750c9c9684174e930492984dd177f0c388957dcc6640eb4e6f0c397184821e16d972db1e309a

  • SSDEEP

    6144:fUp2nG++/i/GOORjMmRUoooooooooooooooooooooooooy/G3:cplFi//OVLCooooooooooooooooooooa

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a181ac3a9099f2c4ec7bbb634f15d76cf319dd31763dec99fab05a01c153e5baN.exe

    • Size

      280KB

    • MD5

      e99033e02e825e27629f90cd27681e80

    • SHA1

      53d6545f4127b44c5c72f96794f15048726c4696

    • SHA256

      a181ac3a9099f2c4ec7bbb634f15d76cf319dd31763dec99fab05a01c153e5ba

    • SHA512

      aec73b93bd379c61c8905204ab66a990cf144146008ba4112c31750c9c9684174e930492984dd177f0c388957dcc6640eb4e6f0c397184821e16d972db1e309a

    • SSDEEP

      6144:fUp2nG++/i/GOORjMmRUoooooooooooooooooooooooooy/G3:cplFi//OVLCooooooooooooooooooooa

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks