Overview

overview

10

Static

static

10

2c0611e2b0...f6.exe

windows7-x64

10

2c0611e2b0...f6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c0611e2b0588555a2543fe10cc5463519db8ff99c23a44f83dd6bcc0eb705f6

  • Size

    448KB

  • Sample

    241224-zkz15axkgn

  • MD5

    d47f08859eb281cf83afce76bca219ab

  • SHA1

    fb947e640a4df23f2965d4c3e25303bc68900b67

  • SHA256

    2c0611e2b0588555a2543fe10cc5463519db8ff99c23a44f83dd6bcc0eb705f6

  • SHA512

    61195b2c185072d715ffc58962ddd1fd38d04b80f6ce5a38fc9e8630662947ed0b41525b5f9c21cc2d762f4c4779ba8ebab7befa4372ce00a071b04f139dc35c

  • SSDEEP

    6144:giaYbThJ3m41ixiLUmKyIxLDXXoq9FJZCUmKyIxL:giaGtJ3mx832XXf9Do3

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      2c0611e2b0588555a2543fe10cc5463519db8ff99c23a44f83dd6bcc0eb705f6

    • Size

      448KB

    • MD5

      d47f08859eb281cf83afce76bca219ab

    • SHA1

      fb947e640a4df23f2965d4c3e25303bc68900b67

    • SHA256

      2c0611e2b0588555a2543fe10cc5463519db8ff99c23a44f83dd6bcc0eb705f6

    • SHA512

      61195b2c185072d715ffc58962ddd1fd38d04b80f6ce5a38fc9e8630662947ed0b41525b5f9c21cc2d762f4c4779ba8ebab7befa4372ce00a071b04f139dc35c

    • SSDEEP

      6144:giaYbThJ3m41ixiLUmKyIxLDXXoq9FJZCUmKyIxL:giaGtJ3mx832XXf9Do3

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks