Overview

overview

10

Static

static

3

5ee7a568df...6c.exe

windows7-x64

10

5ee7a568df...6c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5ee7a568dfaa8d5b27e688f714b9bfa8cd19a224c4dbe0f94c219f53b741c96c

  • Size

    144KB

  • Sample

    250306-daxmcswtfs

  • MD5

    a7ad6e1481f41fb5dd91e50e43904e66

  • SHA1

    72dcd4c9efa6bae44c3cc20203b8c57c9a229d48

  • SHA256

    5ee7a568dfaa8d5b27e688f714b9bfa8cd19a224c4dbe0f94c219f53b741c96c

  • SHA512

    eb2958e465af119299463d0b783543bd48ed464b711037928f29f22b9a2219da956b81717f4e0a37bdd2627d530188f838e117973d009db69cfe9917ab63d99d

  • SSDEEP

    3072:RGe+GwIWtJySBtts8nZlqsMgmgHq/Wp+YmKfxgQdxvq:R9+GwBtY8npMgmUmKyIxi

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5ee7a568dfaa8d5b27e688f714b9bfa8cd19a224c4dbe0f94c219f53b741c96c

    • Size

      144KB

    • MD5

      a7ad6e1481f41fb5dd91e50e43904e66

    • SHA1

      72dcd4c9efa6bae44c3cc20203b8c57c9a229d48

    • SHA256

      5ee7a568dfaa8d5b27e688f714b9bfa8cd19a224c4dbe0f94c219f53b741c96c

    • SHA512

      eb2958e465af119299463d0b783543bd48ed464b711037928f29f22b9a2219da956b81717f4e0a37bdd2627d530188f838e117973d009db69cfe9917ab63d99d

    • SSDEEP

      3072:RGe+GwIWtJySBtts8nZlqsMgmgHq/Wp+YmKfxgQdxvq:R9+GwBtY8npMgmUmKyIxi

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks