Overview

overview

10

Static

static

3

dc26a6e1c3...e8.exe

windows7-x64

10

dc26a6e1c3...e8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc26a6e1c3ecb8b1b242d9eb0dbc9a23f62ec686e98dab06955c121d0cff12e8

  • Size

    74KB

  • Sample

    241225-dx2jtswpgl

  • MD5

    9d56e3019eb1b242a8f49944d2c7dace

  • SHA1

    0de6d9532da1fdb6656710fe39788e723c9fe04b

  • SHA256

    dc26a6e1c3ecb8b1b242d9eb0dbc9a23f62ec686e98dab06955c121d0cff12e8

  • SHA512

    9a9295ad8515b2869e205a98e897d54b6da017cd26ab2edd4eace25ad7f2f9346d1c18ba4042bed74fef853657bcf96393a45a100f7b202d5360d750833756ac

  • SSDEEP

    1536:oi4z7bbnbAh4ZEvzy5NuiCgQx/VaxuV1X:q7vbC4qrOuiCfVzJ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      dc26a6e1c3ecb8b1b242d9eb0dbc9a23f62ec686e98dab06955c121d0cff12e8

    • Size

      74KB

    • MD5

      9d56e3019eb1b242a8f49944d2c7dace

    • SHA1

      0de6d9532da1fdb6656710fe39788e723c9fe04b

    • SHA256

      dc26a6e1c3ecb8b1b242d9eb0dbc9a23f62ec686e98dab06955c121d0cff12e8

    • SHA512

      9a9295ad8515b2869e205a98e897d54b6da017cd26ab2edd4eace25ad7f2f9346d1c18ba4042bed74fef853657bcf96393a45a100f7b202d5360d750833756ac

    • SSDEEP

      1536:oi4z7bbnbAh4ZEvzy5NuiCgQx/VaxuV1X:q7vbC4qrOuiCfVzJ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks