Overview

overview

10

Static

static

3

2148768554...71.exe

windows7-x64

10

2148768554...71.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    214876855471b8331096d1242f8d95e03a19f8d730aa90446b82b49696362971

  • Size

    96KB

  • Sample

    250306-2jt5layyez

  • MD5

    3d475bb5de4d2304a95d4c589f059bb8

  • SHA1

    6937d533f15058446211dc2a68d03c250b6bc33e

  • SHA256

    214876855471b8331096d1242f8d95e03a19f8d730aa90446b82b49696362971

  • SHA512

    75ac96dff2c39aba2251577913383403e8542a51df939f027b94b23ef998184f866cb60e832f0a09fb9cc63ddafb0f70b9a6d9cbf5e8d35f469155d9723a8c27

  • SSDEEP

    1536:t9MA5uwpljx8us9xtQErcNkUHec9lL/bsFTqr1XV/k+O6lcRtonlHQeoklm0Sybm:8AHvW9xth2HHec9lLRZcRm+eL2kd69j1

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      214876855471b8331096d1242f8d95e03a19f8d730aa90446b82b49696362971

    • Size

      96KB

    • MD5

      3d475bb5de4d2304a95d4c589f059bb8

    • SHA1

      6937d533f15058446211dc2a68d03c250b6bc33e

    • SHA256

      214876855471b8331096d1242f8d95e03a19f8d730aa90446b82b49696362971

    • SHA512

      75ac96dff2c39aba2251577913383403e8542a51df939f027b94b23ef998184f866cb60e832f0a09fb9cc63ddafb0f70b9a6d9cbf5e8d35f469155d9723a8c27

    • SSDEEP

      1536:t9MA5uwpljx8us9xtQErcNkUHec9lL/bsFTqr1XV/k+O6lcRtonlHQeoklm0Sybm:8AHvW9xth2HHec9lLRZcRm+eL2kd69j1

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks