Overview

overview

10

Static

static

3

fb197888d0...79.exe

windows7-x64

10

fb197888d0...79.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb197888d0adfe03ed8fbda5c549da31f7a1eb12ae41c623a5ada8a3cb0d9179.exe

  • Size

    265KB

  • Sample

    241225-vprs4azkcw

  • MD5

    c24f0a8484b25f3a891844b840425b65

  • SHA1

    e0fc2b7302b2d7d63c5350f9b4645ca6d7eee081

  • SHA256

    fb197888d0adfe03ed8fbda5c549da31f7a1eb12ae41c623a5ada8a3cb0d9179

  • SHA512

    17188c8fb796dbc53a9017c13ac7ff6c2b502aff4a68a1b8c1a693098789dfeb75e544fd6fd08f41e5d40eeab325e839d6de93955d95775a660ade08edd550bd

  • SSDEEP

    6144:wgTGcxLHnTLp103ETiZ0moGP/2dga1mcyw7Iu:/GYpScXwuR1mK79

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      fb197888d0adfe03ed8fbda5c549da31f7a1eb12ae41c623a5ada8a3cb0d9179.exe

    • Size

      265KB

    • MD5

      c24f0a8484b25f3a891844b840425b65

    • SHA1

      e0fc2b7302b2d7d63c5350f9b4645ca6d7eee081

    • SHA256

      fb197888d0adfe03ed8fbda5c549da31f7a1eb12ae41c623a5ada8a3cb0d9179

    • SHA512

      17188c8fb796dbc53a9017c13ac7ff6c2b502aff4a68a1b8c1a693098789dfeb75e544fd6fd08f41e5d40eeab325e839d6de93955d95775a660ade08edd550bd

    • SSDEEP

      6144:wgTGcxLHnTLp103ETiZ0moGP/2dga1mcyw7Iu:/GYpScXwuR1mK79

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks