Overview

overview

10

Static

static

3

a9ec664dc8...9N.exe

windows7-x64

10

a9ec664dc8...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9ec664dc897d902343ec307cfcffb6645e0746e1e558f43d4b6b57496a6c939N.exe

  • Size

    302KB

  • Sample

    241225-ysws1awlbq

  • MD5

    ee84d1f15a41eee43b487ad3dbf8eed0

  • SHA1

    ba20dd41447e07d9e0081d09d2ec9cb0c351e0fb

  • SHA256

    a9ec664dc897d902343ec307cfcffb6645e0746e1e558f43d4b6b57496a6c939

  • SHA512

    dc83c27f7329a97c0c28fb24cdbef1fac06a7796e923dd1af8ba3f5e76ebdaf41d6e56493c4d9fc95b8a9d2feb7fdf4e4e8c16903e6a7e986eabe6c7692ca84c

  • SSDEEP

    6144:8AOs/8aPGyed2ToJ3FF7fPtcsw6UJZqktbOUqCTGepXgbWH:8Ajpw3FF7fFcsw6UJZqktbDqCTGepXgq

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a9ec664dc897d902343ec307cfcffb6645e0746e1e558f43d4b6b57496a6c939N.exe

    • Size

      302KB

    • MD5

      ee84d1f15a41eee43b487ad3dbf8eed0

    • SHA1

      ba20dd41447e07d9e0081d09d2ec9cb0c351e0fb

    • SHA256

      a9ec664dc897d902343ec307cfcffb6645e0746e1e558f43d4b6b57496a6c939

    • SHA512

      dc83c27f7329a97c0c28fb24cdbef1fac06a7796e923dd1af8ba3f5e76ebdaf41d6e56493c4d9fc95b8a9d2feb7fdf4e4e8c16903e6a7e986eabe6c7692ca84c

    • SSDEEP

      6144:8AOs/8aPGyed2ToJ3FF7fPtcsw6UJZqktbOUqCTGepXgbWH:8Ajpw3FF7fFcsw6UJZqktbDqCTGepXgq

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks