Overview

overview

10

Static

static

3

afb3185563...bN.exe

windows7-x64

10

afb3185563...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    afb3185563241c8415d546483485f3ee118896762c6421ebe0ad254d29425a0bN.exe

  • Size

    74KB

  • Sample

    241225-r7xkhswkbr

  • MD5

    4d023c2e264442fc8c53ba9144fa5ae0

  • SHA1

    33174c3d5984fa49413272cbaf90f78a25d3d71c

  • SHA256

    afb3185563241c8415d546483485f3ee118896762c6421ebe0ad254d29425a0b

  • SHA512

    1789ea6264bca5b17f683a486e6d005322d60e00fcbfc87f68c6652a458ff0fd1ded7e90a3a51a8a8df96c1c91c97053196a03748f0928de4e82f46b54cf1ddc

  • SSDEEP

    1536:rUapZ+Lxcb9LBdplEIP86BJZ7K1CNT+K8:r7yG9LBdjfEqhx8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      afb3185563241c8415d546483485f3ee118896762c6421ebe0ad254d29425a0bN.exe

    • Size

      74KB

    • MD5

      4d023c2e264442fc8c53ba9144fa5ae0

    • SHA1

      33174c3d5984fa49413272cbaf90f78a25d3d71c

    • SHA256

      afb3185563241c8415d546483485f3ee118896762c6421ebe0ad254d29425a0b

    • SHA512

      1789ea6264bca5b17f683a486e6d005322d60e00fcbfc87f68c6652a458ff0fd1ded7e90a3a51a8a8df96c1c91c97053196a03748f0928de4e82f46b54cf1ddc

    • SSDEEP

      1536:rUapZ+Lxcb9LBdplEIP86BJZ7K1CNT+K8:r7yG9LBdjfEqhx8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks