Overview

overview

10

Static

static

3

56be6aa883...9a.exe

windows7-x64

10

56be6aa883...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56be6aa883f1d242a9610a98717fc2bca5bbd238fd5184a9acf2487a782b839a

  • Size

    844KB

  • Sample

    241224-2abxnayrcm

  • MD5

    b2227265601e058673f80e5c3c76282f

  • SHA1

    54bb5f361f5a907e92c99514e14490d4c9948f11

  • SHA256

    56be6aa883f1d242a9610a98717fc2bca5bbd238fd5184a9acf2487a782b839a

  • SHA512

    e960147835f5144deb2dad59521c7cf69da17c22ed693c64cca93b53ed79d7c87d43621fd5fac2e652fd426ec719a7d309de50ddb8940c1a8222a7a025c02e81

  • SSDEEP

    24576:oGnyH5W3TnbQihMpQnqrdX72LbY6x46uR/qYglMi:oGyH5W3TbQihw+cdX2x46uhqllMi

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      56be6aa883f1d242a9610a98717fc2bca5bbd238fd5184a9acf2487a782b839a

    • Size

      844KB

    • MD5

      b2227265601e058673f80e5c3c76282f

    • SHA1

      54bb5f361f5a907e92c99514e14490d4c9948f11

    • SHA256

      56be6aa883f1d242a9610a98717fc2bca5bbd238fd5184a9acf2487a782b839a

    • SHA512

      e960147835f5144deb2dad59521c7cf69da17c22ed693c64cca93b53ed79d7c87d43621fd5fac2e652fd426ec719a7d309de50ddb8940c1a8222a7a025c02e81

    • SSDEEP

      24576:oGnyH5W3TnbQihMpQnqrdX72LbY6x46uR/qYglMi:oGyH5W3TbQihw+cdX2x46uhqllMi

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks