Overview

overview

10

Static

static

10

9b2e8a304a...1e.exe

windows7-x64

10

9b2e8a304a...1e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b2e8a304a54afc7a63c5d6407dd1bd6eaac1934cf74e29cdd061b9421b43a1e

  • Size

    582KB

  • Sample

    241225-ba5xmaspcn

  • MD5

    98ec634228b68a13943c9fdd50d0af18

  • SHA1

    34aee7508116f1d431eef3881cdad2e0b2e44218

  • SHA256

    9b2e8a304a54afc7a63c5d6407dd1bd6eaac1934cf74e29cdd061b9421b43a1e

  • SHA512

    dae782e4fae3753af05a47a2af5ded5f46cd54101cf9ce06791fc90b0f80cfa0f2e19fe1409c4641f725a417d59a993174fe8ed51ac6c5131878f1cf2f5d681c

  • SSDEEP

    12288:3yi20EsYNrekcPYNrq6+gmCAYNrekcPYNrB:3yiVakaF+gqakad

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9b2e8a304a54afc7a63c5d6407dd1bd6eaac1934cf74e29cdd061b9421b43a1e

    • Size

      582KB

    • MD5

      98ec634228b68a13943c9fdd50d0af18

    • SHA1

      34aee7508116f1d431eef3881cdad2e0b2e44218

    • SHA256

      9b2e8a304a54afc7a63c5d6407dd1bd6eaac1934cf74e29cdd061b9421b43a1e

    • SHA512

      dae782e4fae3753af05a47a2af5ded5f46cd54101cf9ce06791fc90b0f80cfa0f2e19fe1409c4641f725a417d59a993174fe8ed51ac6c5131878f1cf2f5d681c

    • SSDEEP

      12288:3yi20EsYNrekcPYNrq6+gmCAYNrekcPYNrB:3yiVakaF+gqakad

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks