Overview

overview

10

Static

static

3

694eba51f3...31.exe

windows7-x64

10

694eba51f3...31.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    694eba51f341da68ed44a85c054e706ee59590cf2c42c0e6a39f8f9c23daad31

  • Size

    79KB

  • Sample

    250306-egn48sxvax

  • MD5

    4759cda81d8ef6be9ba1bd232e555f03

  • SHA1

    91002973f7d35c544089386d378a4b6e07fa8305

  • SHA256

    694eba51f341da68ed44a85c054e706ee59590cf2c42c0e6a39f8f9c23daad31

  • SHA512

    3b77fb5d607f5812e5ef45fbe994e156e6a006a01dc9c87662309542fa7f5d2715ae8d2abaaf43dfce1fab5e258c2b216da6e1c74c2d1c4f771a47eae72706c0

  • SSDEEP

    1536:u17YK4Dz/G5BqQiCKExMh4hRTFJt+ylfLZ6JCck/DMVs:u9Qz/G5BqQpKEFjUM6JCj7g

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      694eba51f341da68ed44a85c054e706ee59590cf2c42c0e6a39f8f9c23daad31

    • Size

      79KB

    • MD5

      4759cda81d8ef6be9ba1bd232e555f03

    • SHA1

      91002973f7d35c544089386d378a4b6e07fa8305

    • SHA256

      694eba51f341da68ed44a85c054e706ee59590cf2c42c0e6a39f8f9c23daad31

    • SHA512

      3b77fb5d607f5812e5ef45fbe994e156e6a006a01dc9c87662309542fa7f5d2715ae8d2abaaf43dfce1fab5e258c2b216da6e1c74c2d1c4f771a47eae72706c0

    • SSDEEP

      1536:u17YK4Dz/G5BqQiCKExMh4hRTFJt+ylfLZ6JCck/DMVs:u9Qz/G5BqQpKEFjUM6JCj7g

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks