Overview

overview

10

Static

static

3

5d618396fb...4f.exe

windows7-x64

10

5d618396fb...4f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5d618396fbab3b7a2eb3339b0b690cb32f6ae0e232d856cf2e96e8b56b4e474f

  • Size

    198KB

  • Sample

    241224-2ka34syrav

  • MD5

    fd9a0494da19b0a39889164e568966a9

  • SHA1

    2f2488f0bbad97ce89dfc3210c5b44ba72cd52a2

  • SHA256

    5d618396fbab3b7a2eb3339b0b690cb32f6ae0e232d856cf2e96e8b56b4e474f

  • SHA512

    f8dba84d4a1fc1a7708efd535ce7d7a5f268d570ef862f755679d994c5cf464cb201ff1bc1ce81c01f223f2a054165d2be051b7f6d474a7829c6d05ffa60bc30

  • SSDEEP

    3072:GsX5JFDv+V0Ow+4iN4Sp+7H7wWkqrifbdB7dYk1Bx8DpsV6OzrCIwfE:GspJFxjiNBOHhkym/89bKws

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5d618396fbab3b7a2eb3339b0b690cb32f6ae0e232d856cf2e96e8b56b4e474f

    • Size

      198KB

    • MD5

      fd9a0494da19b0a39889164e568966a9

    • SHA1

      2f2488f0bbad97ce89dfc3210c5b44ba72cd52a2

    • SHA256

      5d618396fbab3b7a2eb3339b0b690cb32f6ae0e232d856cf2e96e8b56b4e474f

    • SHA512

      f8dba84d4a1fc1a7708efd535ce7d7a5f268d570ef862f755679d994c5cf464cb201ff1bc1ce81c01f223f2a054165d2be051b7f6d474a7829c6d05ffa60bc30

    • SSDEEP

      3072:GsX5JFDv+V0Ow+4iN4Sp+7H7wWkqrifbdB7dYk1Bx8DpsV6OzrCIwfE:GspJFxjiNBOHhkym/89bKws

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks