Overview

overview

10

Static

static

10

15a457287b...5d.exe

windows7-x64

10

15a457287b...5d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15a457287b4e53a9d62bd4ecd8dd061aba130b98cb975bd4a41c6a1ea666c15d

  • Size

    224KB

  • Sample

    241222-yrt8saxqcm

  • MD5

    bcadcbf1640c89f24854c0dca3e588ab

  • SHA1

    ffbe4ffc89e1abb3ab1bebfba51bdcab596f8627

  • SHA256

    15a457287b4e53a9d62bd4ecd8dd061aba130b98cb975bd4a41c6a1ea666c15d

  • SHA512

    01b15f27d46a34a7b2524e8d1fefe88c0cd908aa1512e3859c0367281ff6dec5c4d0db6272641d4ee2d5ee9043e0a3122eeb4b16817d863e259fda8036558632

  • SSDEEP

    6144:bFH2J6fWFF8s4rQD85k/hQO+zrWnAdqjeOpKff:RSKsarQg5W/+zrWAI5KH

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      15a457287b4e53a9d62bd4ecd8dd061aba130b98cb975bd4a41c6a1ea666c15d

    • Size

      224KB

    • MD5

      bcadcbf1640c89f24854c0dca3e588ab

    • SHA1

      ffbe4ffc89e1abb3ab1bebfba51bdcab596f8627

    • SHA256

      15a457287b4e53a9d62bd4ecd8dd061aba130b98cb975bd4a41c6a1ea666c15d

    • SHA512

      01b15f27d46a34a7b2524e8d1fefe88c0cd908aa1512e3859c0367281ff6dec5c4d0db6272641d4ee2d5ee9043e0a3122eeb4b16817d863e259fda8036558632

    • SSDEEP

      6144:bFH2J6fWFF8s4rQD85k/hQO+zrWnAdqjeOpKff:RSKsarQg5W/+zrWAI5KH

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks