Overview

overview

10

Static

static

3

e53df9a117...f0.exe

windows7-x64

10

e53df9a117...f0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e53df9a117d1338b03233aedeb4be1afca46a5cbdc9fdb5b6926d061833fb6f0

  • Size

    442KB

  • Sample

    241225-eara1sxjgr

  • MD5

    09f94c9e9112bdc11bbc050242f60ee8

  • SHA1

    56ab4c5131ddb4bde81d376bdf76a57532d9b94e

  • SHA256

    e53df9a117d1338b03233aedeb4be1afca46a5cbdc9fdb5b6926d061833fb6f0

  • SHA512

    b92b527a5b4c7238a72805905fbde6aa4eea10b5b1def36ad830374a72e02a04badf566fa332d382bfacbf105047d584efe14dead4ffe5f62b4cbfb46a4b2182

  • SSDEEP

    3072:bPa2keiOgYdhKLRcvVkqrifbdB7dYk1Bx8DpsV68RfPi4meqByN2DmtXGTtiOd/r:bPa+9gL6vVkym/89bifPidzIEZ/VZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e53df9a117d1338b03233aedeb4be1afca46a5cbdc9fdb5b6926d061833fb6f0

    • Size

      442KB

    • MD5

      09f94c9e9112bdc11bbc050242f60ee8

    • SHA1

      56ab4c5131ddb4bde81d376bdf76a57532d9b94e

    • SHA256

      e53df9a117d1338b03233aedeb4be1afca46a5cbdc9fdb5b6926d061833fb6f0

    • SHA512

      b92b527a5b4c7238a72805905fbde6aa4eea10b5b1def36ad830374a72e02a04badf566fa332d382bfacbf105047d584efe14dead4ffe5f62b4cbfb46a4b2182

    • SSDEEP

      3072:bPa2keiOgYdhKLRcvVkqrifbdB7dYk1Bx8DpsV68RfPi4meqByN2DmtXGTtiOd/r:bPa+9gL6vVkym/89bifPidzIEZ/VZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks