Overview

overview

10

Static

static

3

b8d5421a49...63.exe

windows7-x64

10

b8d5421a49...63.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8d5421a4941adbe2c714578171251fb82a16a40f5c584888ca55446016a8663

  • Size

    97KB

  • Sample

    250306-lxswpawly6

  • MD5

    457cb3e66e1f9ba9fe08cc141c200b93

  • SHA1

    1709c0a6278404b6260149f21ba70c025774be94

  • SHA256

    b8d5421a4941adbe2c714578171251fb82a16a40f5c584888ca55446016a8663

  • SHA512

    5a430256425ebaf75522507b8c14c33177f81b479505e072b15b2291600b9e34a5d8c28f8eb8d497019afb56735b5992f10abe16b9c25d2363a5ac6570915a43

  • SSDEEP

    1536:S0xrlVnwW+qFBOBjvWBMSYbYTZa5XElu+YXzXXPPPYx2x+4vJXeYZO:S0j1wSF0wSZYgQ5u+AJXeKO

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b8d5421a4941adbe2c714578171251fb82a16a40f5c584888ca55446016a8663

    • Size

      97KB

    • MD5

      457cb3e66e1f9ba9fe08cc141c200b93

    • SHA1

      1709c0a6278404b6260149f21ba70c025774be94

    • SHA256

      b8d5421a4941adbe2c714578171251fb82a16a40f5c584888ca55446016a8663

    • SHA512

      5a430256425ebaf75522507b8c14c33177f81b479505e072b15b2291600b9e34a5d8c28f8eb8d497019afb56735b5992f10abe16b9c25d2363a5ac6570915a43

    • SSDEEP

      1536:S0xrlVnwW+qFBOBjvWBMSYbYTZa5XElu+YXzXXPPPYx2x+4vJXeYZO:S0j1wSF0wSZYgQ5u+AJXeKO

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks