Overview

overview

10

Static

static

3

da9f0c7216...ba.exe

windows7-x64

10

da9f0c7216...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    da9f0c72169adeb224b5234b8f05776d424ba24d4c69c68f82b6d999d85f0dba

  • Size

    96KB

  • Sample

    250306-ptr2rsytcs

  • MD5

    5dc77c99e0568ecd9da8dfc4f8ff4f21

  • SHA1

    a0291e80c4a33b3f18925221bfc65a88f0d94d00

  • SHA256

    da9f0c72169adeb224b5234b8f05776d424ba24d4c69c68f82b6d999d85f0dba

  • SHA512

    ab71d081685de1e614d478b687e7be5df1f6a391ae792e1a4f23e98b3dc5394806a6b7f5e93873776a486c1cf88a6f32238643c89133ba0f1d14c1163f741560

  • SSDEEP

    1536:Kyq2G2k5TRe/Jh9iyRx8mn0/piDg2tj74S7V+5pUMv84WMRw8Dkqq:Kyq2bZ/JGfeO5iP4Sp+7H7wWkqq

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      da9f0c72169adeb224b5234b8f05776d424ba24d4c69c68f82b6d999d85f0dba

    • Size

      96KB

    • MD5

      5dc77c99e0568ecd9da8dfc4f8ff4f21

    • SHA1

      a0291e80c4a33b3f18925221bfc65a88f0d94d00

    • SHA256

      da9f0c72169adeb224b5234b8f05776d424ba24d4c69c68f82b6d999d85f0dba

    • SHA512

      ab71d081685de1e614d478b687e7be5df1f6a391ae792e1a4f23e98b3dc5394806a6b7f5e93873776a486c1cf88a6f32238643c89133ba0f1d14c1163f741560

    • SSDEEP

      1536:Kyq2G2k5TRe/Jh9iyRx8mn0/piDg2tj74S7V+5pUMv84WMRw8Dkqq:Kyq2bZ/JGfeO5iP4Sp+7H7wWkqq

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks