Overview

overview

10

Static

static

3

0e80027831...9a.exe

windows7-x64

10

0e80027831...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e80027831c583c8558fe56817c1786303fa2d9e90c2579f7b528b1491c3b69a

  • Size

    92KB

  • Sample

    241222-ye3pdsxmbr

  • MD5

    db890b9f5a942175c3ffbc41d30813ec

  • SHA1

    aed3943cab03a1c940ed265bd9889b4edd78b4c6

  • SHA256

    0e80027831c583c8558fe56817c1786303fa2d9e90c2579f7b528b1491c3b69a

  • SHA512

    a2247fb408d0573ec5556830028426d335e1ccf3383997aed205ffaa21db0cbf64013ef916440674bb8c03ebfdf7144b346036114930cd35ada172cf368c8f84

  • SSDEEP

    1536:8o2pUFj8q5gRvLMTU8YnxvcCe3wJQBSqQ2OvQM/6mx7O6nKQrUoR24HsU3:xIq5mMTqtcCe3HBC5Y6THsW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0e80027831c583c8558fe56817c1786303fa2d9e90c2579f7b528b1491c3b69a

    • Size

      92KB

    • MD5

      db890b9f5a942175c3ffbc41d30813ec

    • SHA1

      aed3943cab03a1c940ed265bd9889b4edd78b4c6

    • SHA256

      0e80027831c583c8558fe56817c1786303fa2d9e90c2579f7b528b1491c3b69a

    • SHA512

      a2247fb408d0573ec5556830028426d335e1ccf3383997aed205ffaa21db0cbf64013ef916440674bb8c03ebfdf7144b346036114930cd35ada172cf368c8f84

    • SSDEEP

      1536:8o2pUFj8q5gRvLMTU8YnxvcCe3wJQBSqQ2OvQM/6mx7O6nKQrUoR24HsU3:xIq5mMTqtcCe3HBC5Y6THsW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks