Overview

overview

10

Static

static

3

03fbccfda6...2c.exe

windows7-x64

10

03fbccfda6...2c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03fbccfda62d178a470debd55898c6229c9e715c071f6fca7729d83c2856682c

  • Size

    90KB

  • Sample

    241222-xwmttswldx

  • MD5

    8a5c9eacf40b0ab940deabba7cd9ba2a

  • SHA1

    182e6dfaa068b8276546c7298a670fedc58d235a

  • SHA256

    03fbccfda62d178a470debd55898c6229c9e715c071f6fca7729d83c2856682c

  • SHA512

    8da5b793c4afafda5375292119e3fa8a684895a64999922b4c8d4b54bb6b5d47ecf1b95639703de4c5533725431a67ae76256b3926bc5c5332e6fd18dbeea3fa

  • SSDEEP

    1536:06QcWuj0GIFuw38pqQzq0AbMNqmbABXG1JA8l+GXu/Ub0VkVNK:06pWuj0JT8Tzq0AbMNyEt4GXu/Ub0+NK

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      03fbccfda62d178a470debd55898c6229c9e715c071f6fca7729d83c2856682c

    • Size

      90KB

    • MD5

      8a5c9eacf40b0ab940deabba7cd9ba2a

    • SHA1

      182e6dfaa068b8276546c7298a670fedc58d235a

    • SHA256

      03fbccfda62d178a470debd55898c6229c9e715c071f6fca7729d83c2856682c

    • SHA512

      8da5b793c4afafda5375292119e3fa8a684895a64999922b4c8d4b54bb6b5d47ecf1b95639703de4c5533725431a67ae76256b3926bc5c5332e6fd18dbeea3fa

    • SSDEEP

      1536:06QcWuj0GIFuw38pqQzq0AbMNqmbABXG1JA8l+GXu/Ub0VkVNK:06pWuj0JT8Tzq0AbMNyEt4GXu/Ub0+NK

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks