Overview

overview

10

Static

static

3

5e23b51645...be.exe

windows7-x64

10

5e23b51645...be.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e23b5164598addf61f9c83edab7b827bbc799d0d1d881388feb0beba8d4d5be

  • Size

    96KB

  • Sample

    241225-x7a96stqat

  • MD5

    9abf36715fafba3d7f6bb6d0dece81ad

  • SHA1

    eb877af5f602815c1a424458d1c850f07ff961c2

  • SHA256

    5e23b5164598addf61f9c83edab7b827bbc799d0d1d881388feb0beba8d4d5be

  • SHA512

    c70130903db75be52721aadf00378b625b39659c88435a801beeebec046beb0473a940599462c9aa1d2d9d5ef7e90d7e2298a88f68bdb3b959c4694225b0142c

  • SSDEEP

    1536:CSY0Hgsa8ovR5OHdZ0lVvV3QthMkokXH3chDWAgZW1jEhrUQVoMdUT+irF:CSml5OXqVvV3QtSenchDoZW1jEhr1Rhk

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5e23b5164598addf61f9c83edab7b827bbc799d0d1d881388feb0beba8d4d5be

    • Size

      96KB

    • MD5

      9abf36715fafba3d7f6bb6d0dece81ad

    • SHA1

      eb877af5f602815c1a424458d1c850f07ff961c2

    • SHA256

      5e23b5164598addf61f9c83edab7b827bbc799d0d1d881388feb0beba8d4d5be

    • SHA512

      c70130903db75be52721aadf00378b625b39659c88435a801beeebec046beb0473a940599462c9aa1d2d9d5ef7e90d7e2298a88f68bdb3b959c4694225b0142c

    • SSDEEP

      1536:CSY0Hgsa8ovR5OHdZ0lVvV3QthMkokXH3chDWAgZW1jEhrUQVoMdUT+irF:CSml5OXqVvV3QtSenchDoZW1jEhr1Rhk

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks