Overview

overview

10

Static

static

3

8eb1de10f3...dN.exe

windows7-x64

10

8eb1de10f3...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8eb1de10f34458936b725c2b67da89985815f1452671ea4b5bb282c9b8ea5fbdN.exe

  • Size

    120KB

  • Sample

    241225-r5raqawjeq

  • MD5

    f5afe1840e38f0aa9fce313d04cf1280

  • SHA1

    47206f2ce2bded2c400b0dadc34020c6f249b3c5

  • SHA256

    8eb1de10f34458936b725c2b67da89985815f1452671ea4b5bb282c9b8ea5fbd

  • SHA512

    882b59b5de2c34b86b36e6c3d76ce8b4daff234eff03ab7d058a4f651e7ddd9a59e2897db2119c5430c968eb928c00b9f2356acf94897045649d41d3240fbf44

  • SSDEEP

    1536:8NAAHpjcl+cSszEx+rbgqHjp5ySrBJ79w7dCDjz0cZ44mjD9r823F4:86AHp/cSsYUwqHjpBJ7aBCAi/mjRrz3C

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8eb1de10f34458936b725c2b67da89985815f1452671ea4b5bb282c9b8ea5fbdN.exe

    • Size

      120KB

    • MD5

      f5afe1840e38f0aa9fce313d04cf1280

    • SHA1

      47206f2ce2bded2c400b0dadc34020c6f249b3c5

    • SHA256

      8eb1de10f34458936b725c2b67da89985815f1452671ea4b5bb282c9b8ea5fbd

    • SHA512

      882b59b5de2c34b86b36e6c3d76ce8b4daff234eff03ab7d058a4f651e7ddd9a59e2897db2119c5430c968eb928c00b9f2356acf94897045649d41d3240fbf44

    • SSDEEP

      1536:8NAAHpjcl+cSszEx+rbgqHjp5ySrBJ79w7dCDjz0cZ44mjD9r823F4:86AHp/cSsYUwqHjpBJ7aBCAi/mjRrz3C

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks