Overview

overview

10

Static

static

10

9360dcb21f...58.exe

windows7-x64

10

9360dcb21f...58.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9360dcb21f960f103a76dd2cf78f0278d4a006836134514d626dc1aa0bcf4158

  • Size

    320KB

  • Sample

    241225-a1eyfssmcm

  • MD5

    fa2a9899ebafae6485bd7be778e5859b

  • SHA1

    8ee756925b6c9febb5038168c938b39175b866f7

  • SHA256

    9360dcb21f960f103a76dd2cf78f0278d4a006836134514d626dc1aa0bcf4158

  • SHA512

    f4ddc58cf7967895b18340d1008c462b63694e83e0f7fe88ffaf8a4681f6d16ec39cda0a2447d4990b05ff853995b26343f2bb1cf80f878947f76e8a342a06d1

  • SSDEEP

    6144:B8W7SsdqL7rhtIQO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwp:B8zLHha/+zrWAI5KFum/+zrWAIAqe

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9360dcb21f960f103a76dd2cf78f0278d4a006836134514d626dc1aa0bcf4158

    • Size

      320KB

    • MD5

      fa2a9899ebafae6485bd7be778e5859b

    • SHA1

      8ee756925b6c9febb5038168c938b39175b866f7

    • SHA256

      9360dcb21f960f103a76dd2cf78f0278d4a006836134514d626dc1aa0bcf4158

    • SHA512

      f4ddc58cf7967895b18340d1008c462b63694e83e0f7fe88ffaf8a4681f6d16ec39cda0a2447d4990b05ff853995b26343f2bb1cf80f878947f76e8a342a06d1

    • SSDEEP

      6144:B8W7SsdqL7rhtIQO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwp:B8zLHha/+zrWAI5KFum/+zrWAIAqe

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks