Overview

overview

10

Static

static

3

6de25575b5...c8.exe

windows7-x64

10

6de25575b5...c8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6de25575b5d4c4e90dc62f9261f3157c78eec7a55c2dcfe03b1b154aaf2128c8.exe

  • Size

    92KB

  • Sample

    241225-vsdqmszpdk

  • MD5

    ad11c749fc6e04eea396a4a7a2aeaa60

  • SHA1

    a74500ac8f4f9644fb168d1b23e38be57af692de

  • SHA256

    6de25575b5d4c4e90dc62f9261f3157c78eec7a55c2dcfe03b1b154aaf2128c8

  • SHA512

    9a50c85d42fc4f7b357ea132f6b5af99f5260acf61d2f99cb8afc0347b159f4340749b19ead62c17350f665a9b1b306a4e36287430af0e6fb3ceb697015e02d6

  • SSDEEP

    1536:ePktiLarhMgdoYwtGqEvn8QI2OFPe3Xsiwo/AZmL1Y/y+1gftx/DsmuN3imnunG9:ePkwgmYZ3vn8QI90+54x7smuVbe4+G

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6de25575b5d4c4e90dc62f9261f3157c78eec7a55c2dcfe03b1b154aaf2128c8.exe

    • Size

      92KB

    • MD5

      ad11c749fc6e04eea396a4a7a2aeaa60

    • SHA1

      a74500ac8f4f9644fb168d1b23e38be57af692de

    • SHA256

      6de25575b5d4c4e90dc62f9261f3157c78eec7a55c2dcfe03b1b154aaf2128c8

    • SHA512

      9a50c85d42fc4f7b357ea132f6b5af99f5260acf61d2f99cb8afc0347b159f4340749b19ead62c17350f665a9b1b306a4e36287430af0e6fb3ceb697015e02d6

    • SSDEEP

      1536:ePktiLarhMgdoYwtGqEvn8QI2OFPe3Xsiwo/AZmL1Y/y+1gftx/DsmuN3imnunG9:ePkwgmYZ3vn8QI90+54x7smuVbe4+G

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks