Overview

overview

10

Static

static

3

9ac612d513...52.exe

windows7-x64

10

9ac612d513...52.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ac612d5134977c66f13b17ec526bb54f069a45f681be4e072154b23b9a6b052

  • Size

    77KB

  • Sample

    241223-bmdnxatjct

  • MD5

    c349612717767bf4eb1882dc46acef41

  • SHA1

    1c62ad8208973336c6ee390b406c6e75e1bfb764

  • SHA256

    9ac612d5134977c66f13b17ec526bb54f069a45f681be4e072154b23b9a6b052

  • SHA512

    f09dd7d2cbdd7b406a7c77d91998ee90bf65de0e6409553c28f5e1cf0d94d555f5c3deb8430f607242ea7a90b0bb48d51f1bb19550de38c89769f68ecfb723df

  • SSDEEP

    768:eOUmnCjRnVTfFdgTJ61U7WGCyk7OCkJ0+AJzO1z2VQiBD6pJSKh2Xwv2cAv8Q5oq:eOHuvfFdT1ICyk7sJNAggWwXwv2B5

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9ac612d5134977c66f13b17ec526bb54f069a45f681be4e072154b23b9a6b052

    • Size

      77KB

    • MD5

      c349612717767bf4eb1882dc46acef41

    • SHA1

      1c62ad8208973336c6ee390b406c6e75e1bfb764

    • SHA256

      9ac612d5134977c66f13b17ec526bb54f069a45f681be4e072154b23b9a6b052

    • SHA512

      f09dd7d2cbdd7b406a7c77d91998ee90bf65de0e6409553c28f5e1cf0d94d555f5c3deb8430f607242ea7a90b0bb48d51f1bb19550de38c89769f68ecfb723df

    • SSDEEP

      768:eOUmnCjRnVTfFdgTJ61U7WGCyk7OCkJ0+AJzO1z2VQiBD6pJSKh2Xwv2cAv8Q5oq:eOHuvfFdT1ICyk7sJNAggWwXwv2B5

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks