Overview

overview

10

Static

static

3

6aa4489033...47.exe

windows7-x64

10

6aa4489033...47.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6aa4489033628065393a75f88a913b819919ba0e56e4ff760b7be87ca0dfea47

  • Size

    128KB

  • Sample

    241224-246n5azndv

  • MD5

    dd05a525be27c0cb08fc6726fb7287fb

  • SHA1

    ed98c8201809ccf2c8cceb5fd12648d18c5fae4e

  • SHA256

    6aa4489033628065393a75f88a913b819919ba0e56e4ff760b7be87ca0dfea47

  • SHA512

    130e4655ca73e639fe013f239c6eedff1c51f330a919e5120fad09e91b3e7fe19d002b62fbcf68331d8bc22f2a16b844e9f0580bc36d1a7338178aef45685b41

  • SSDEEP

    3072:SNFW+1YDm8PdVX3bUjr/S/bLHpQTufU3kremwc/gHq/Wp+YmKfxgC:KmPdxrar/YHRU3/fc/UmKyC

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6aa4489033628065393a75f88a913b819919ba0e56e4ff760b7be87ca0dfea47

    • Size

      128KB

    • MD5

      dd05a525be27c0cb08fc6726fb7287fb

    • SHA1

      ed98c8201809ccf2c8cceb5fd12648d18c5fae4e

    • SHA256

      6aa4489033628065393a75f88a913b819919ba0e56e4ff760b7be87ca0dfea47

    • SHA512

      130e4655ca73e639fe013f239c6eedff1c51f330a919e5120fad09e91b3e7fe19d002b62fbcf68331d8bc22f2a16b844e9f0580bc36d1a7338178aef45685b41

    • SSDEEP

      3072:SNFW+1YDm8PdVX3bUjr/S/bLHpQTufU3kremwc/gHq/Wp+YmKfxgC:KmPdxrar/YHRU3/fc/UmKyC

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks