Overview

overview

10

Static

static

3

0d912695ab...70.exe

windows7-x64

10

0d912695ab...70.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d912695aba4f0a2ac0566c43e72a97f24e18ecb204cf204ca2e74210a822370

  • Size

    79KB

  • Sample

    250305-y1q8gsxwet

  • MD5

    1740b88f6990009d0dad342a3554f505

  • SHA1

    690a2f86085708aa03b1418208bb8d8226d64567

  • SHA256

    0d912695aba4f0a2ac0566c43e72a97f24e18ecb204cf204ca2e74210a822370

  • SHA512

    59c4dc4f2e785c134d06c7905eb80c20efb04a7c992cc2375d16613e007f2f82b9ed022b46f9c9a5bf73acca76b47b0214bdd78b58658c9330919aee48c596a5

  • SSDEEP

    1536:yuJkBQpPUdpO99pFd3lnYmQbhHZaI7DL63emOy9eKuSfmMV:yuRMY97qhHZaI7DL63emOy9mg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0d912695aba4f0a2ac0566c43e72a97f24e18ecb204cf204ca2e74210a822370

    • Size

      79KB

    • MD5

      1740b88f6990009d0dad342a3554f505

    • SHA1

      690a2f86085708aa03b1418208bb8d8226d64567

    • SHA256

      0d912695aba4f0a2ac0566c43e72a97f24e18ecb204cf204ca2e74210a822370

    • SHA512

      59c4dc4f2e785c134d06c7905eb80c20efb04a7c992cc2375d16613e007f2f82b9ed022b46f9c9a5bf73acca76b47b0214bdd78b58658c9330919aee48c596a5

    • SSDEEP

      1536:yuJkBQpPUdpO99pFd3lnYmQbhHZaI7DL63emOy9eKuSfmMV:yuRMY97qhHZaI7DL63emOy9mg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks