Overview

overview

10

Static

static

3

2fd0bea2d2...65.exe

windows7-x64

10

2fd0bea2d2...65.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2fd0bea2d2eae2e859679fcb8f75c37226e5d970159c6c89c5a8ae9795791465

  • Size

    74KB

  • Sample

    250305-2q3ejssjz6

  • MD5

    7c9e51e7dd4af2e2599f137b5026c495

  • SHA1

    948a29d9db14606fab55a843ae028c00c5ed6b4e

  • SHA256

    2fd0bea2d2eae2e859679fcb8f75c37226e5d970159c6c89c5a8ae9795791465

  • SHA512

    d37bb80ee9ad57ae90c7a74a22efea34c3f8c5d065ca4f5157328d86aacf14c4db9c485f8d40c03a4c48b06637b318c034a977c9e1c71a1f2f94772171f09866

  • SSDEEP

    1536:kdX2XctF+DxqAYO7AtXPRSo2PQsPuPfwLoHn/P:kdX2ctkDxqB+S/AoiL2h/

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      2fd0bea2d2eae2e859679fcb8f75c37226e5d970159c6c89c5a8ae9795791465

    • Size

      74KB

    • MD5

      7c9e51e7dd4af2e2599f137b5026c495

    • SHA1

      948a29d9db14606fab55a843ae028c00c5ed6b4e

    • SHA256

      2fd0bea2d2eae2e859679fcb8f75c37226e5d970159c6c89c5a8ae9795791465

    • SHA512

      d37bb80ee9ad57ae90c7a74a22efea34c3f8c5d065ca4f5157328d86aacf14c4db9c485f8d40c03a4c48b06637b318c034a977c9e1c71a1f2f94772171f09866

    • SSDEEP

      1536:kdX2XctF+DxqAYO7AtXPRSo2PQsPuPfwLoHn/P:kdX2ctkDxqB+S/AoiL2h/

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks