Overview

overview

10

Static

static

3

0ecaec9c08...91.exe

windows7-x64

10

0ecaec9c08...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ecaec9c08ba3222cc5305f449ab58a68c8a1ce4112221e81d219bb3d0f1bb91

  • Size

    93KB

  • Sample

    241222-ye6q2sxmcl

  • MD5

    afade22312e3a31aa65c73e69bff69f5

  • SHA1

    d461cee5b71c2ec522f1c629d2fa03595513de84

  • SHA256

    0ecaec9c08ba3222cc5305f449ab58a68c8a1ce4112221e81d219bb3d0f1bb91

  • SHA512

    7fc472c4e65fbbdb41d2692fc92f73d45a19cbf957f8f8ffd70dc8f8471665f73ee7924724b6415def1a86bc50079831c79f64ff1d536e0596d2908c77e0115a

  • SSDEEP

    1536:7O4HePFVvQIrO8lB48GUqxq4ff+ldQ5kV5eV9YbNJTYjiwg58t:7O1s+z4qmGzQ54wc8Y58t

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0ecaec9c08ba3222cc5305f449ab58a68c8a1ce4112221e81d219bb3d0f1bb91

    • Size

      93KB

    • MD5

      afade22312e3a31aa65c73e69bff69f5

    • SHA1

      d461cee5b71c2ec522f1c629d2fa03595513de84

    • SHA256

      0ecaec9c08ba3222cc5305f449ab58a68c8a1ce4112221e81d219bb3d0f1bb91

    • SHA512

      7fc472c4e65fbbdb41d2692fc92f73d45a19cbf957f8f8ffd70dc8f8471665f73ee7924724b6415def1a86bc50079831c79f64ff1d536e0596d2908c77e0115a

    • SSDEEP

      1536:7O4HePFVvQIrO8lB48GUqxq4ff+ldQ5kV5eV9YbNJTYjiwg58t:7O1s+z4qmGzQ54wc8Y58t

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks