Overview

overview

10

Static

static

3

36d1458d9a...e7.exe

windows7-x64

10

36d1458d9a...e7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36d1458d9ae992444e1fd33568d0f4f615b47c800196e0dfd22b6925c0429fe7

  • Size

    96KB

  • Sample

    241222-z756nazmcn

  • MD5

    282260413d4e4c2266e6df59f3bbf40a

  • SHA1

    91d755b9f51db6438fadda7b8d56e0804b9e6440

  • SHA256

    36d1458d9ae992444e1fd33568d0f4f615b47c800196e0dfd22b6925c0429fe7

  • SHA512

    d8bacbcbf48c8db75ce0b517a7767872a8edacae8d10ef17d0cfe2aa3b64e4b1bd3217ae130ec677c1dcc136692c8670db4ff5fca8577c7150de5eae2d7cc451

  • SSDEEP

    1536:9aQjdGUUPx3qQcRVlaYXdhOiLI+0S70craaYBIkBVzjp2RdpUBNVBNvaIFUmSVK3:9aQ50PxGRWJixKcmL/rNV/XnSd69jc0X

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      36d1458d9ae992444e1fd33568d0f4f615b47c800196e0dfd22b6925c0429fe7

    • Size

      96KB

    • MD5

      282260413d4e4c2266e6df59f3bbf40a

    • SHA1

      91d755b9f51db6438fadda7b8d56e0804b9e6440

    • SHA256

      36d1458d9ae992444e1fd33568d0f4f615b47c800196e0dfd22b6925c0429fe7

    • SHA512

      d8bacbcbf48c8db75ce0b517a7767872a8edacae8d10ef17d0cfe2aa3b64e4b1bd3217ae130ec677c1dcc136692c8670db4ff5fca8577c7150de5eae2d7cc451

    • SSDEEP

      1536:9aQjdGUUPx3qQcRVlaYXdhOiLI+0S70craaYBIkBVzjp2RdpUBNVBNvaIFUmSVK3:9aQ50PxGRWJixKcmL/rNV/XnSd69jc0X

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks