Overview

overview

10

Static

static

3

089876845f...7N.exe

windows7-x64

10

089876845f...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    089876845f4bbaf2ce8329b373f76274538fde598179ec719e35454eae570bb7N.exe

  • Size

    94KB

  • Sample

    241225-ts2l2axrds

  • MD5

    e821428b187b481475814308b852f7e0

  • SHA1

    5c2953b798739103c3f59e46da752d3d1b5388eb

  • SHA256

    089876845f4bbaf2ce8329b373f76274538fde598179ec719e35454eae570bb7

  • SHA512

    f0df85b21350f0f85bcb0b271b919c03f9f43b859251c9f764704182af6cc1418659bd29dc961cc5fac668d47406a575a1eeccec7e5fe2c5a26ee5472a252ab6

  • SSDEEP

    1536:pjMo2mFKJXVjVK8XCVkXj6gX+nUKrPW26iXeoUnJiu6agsd7BR9L4DT2EnINs:p+mFw9VvrX2gkUyz6voUnku6avd6+ob

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      089876845f4bbaf2ce8329b373f76274538fde598179ec719e35454eae570bb7N.exe

    • Size

      94KB

    • MD5

      e821428b187b481475814308b852f7e0

    • SHA1

      5c2953b798739103c3f59e46da752d3d1b5388eb

    • SHA256

      089876845f4bbaf2ce8329b373f76274538fde598179ec719e35454eae570bb7

    • SHA512

      f0df85b21350f0f85bcb0b271b919c03f9f43b859251c9f764704182af6cc1418659bd29dc961cc5fac668d47406a575a1eeccec7e5fe2c5a26ee5472a252ab6

    • SSDEEP

      1536:pjMo2mFKJXVjVK8XCVkXj6gX+nUKrPW26iXeoUnJiu6agsd7BR9L4DT2EnINs:p+mFw9VvrX2gkUyz6voUnku6avd6+ob

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks