Overview

overview

10

Static

static

3

ea23d4f71b...51.exe

windows7-x64

10

ea23d4f71b...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea23d4f71b2daffbfc2a07d28665a3172349c2e8e77464e60d0bc83cd75fa651

  • Size

    93KB

  • Sample

    241223-ev99mawjhy

  • MD5

    294e664307f626e09d3b2c0a45f6e02f

  • SHA1

    42e11b9811c378be54731d3056b919763d11cb43

  • SHA256

    ea23d4f71b2daffbfc2a07d28665a3172349c2e8e77464e60d0bc83cd75fa651

  • SHA512

    d3969e4d57decd6fc004ca64f5e8b10c66e52e32d7ec6e3ea6bdd4fda8e9d335cdee7206059cb08f95e17b5fcfb4cfae8d1bed37cc05c5306ca85acb87d3a14c

  • SSDEEP

    1536:MNeB8dDo+MXJwugdiVE5XG/sVAq2JA10BJtjTcjiwg58w:MNe2dGXMd15XGEVAq8A10rtjYY58w

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ea23d4f71b2daffbfc2a07d28665a3172349c2e8e77464e60d0bc83cd75fa651

    • Size

      93KB

    • MD5

      294e664307f626e09d3b2c0a45f6e02f

    • SHA1

      42e11b9811c378be54731d3056b919763d11cb43

    • SHA256

      ea23d4f71b2daffbfc2a07d28665a3172349c2e8e77464e60d0bc83cd75fa651

    • SHA512

      d3969e4d57decd6fc004ca64f5e8b10c66e52e32d7ec6e3ea6bdd4fda8e9d335cdee7206059cb08f95e17b5fcfb4cfae8d1bed37cc05c5306ca85acb87d3a14c

    • SSDEEP

      1536:MNeB8dDo+MXJwugdiVE5XG/sVAq2JA10BJtjTcjiwg58w:MNe2dGXMd15XGEVAq8A10rtjYY58w

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks