Overview

overview

10

Static

static

3

01455b79cc...b2.exe

windows7-x64

10

01455b79cc...b2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01455b79cc277c2e2ff84ff99f3f6a91ede004e601ed6e41cc341d5e358b97b2

  • Size

    1.4MB

  • Sample

    250306-xvgleswkz3

  • MD5

    8a354c85fc0a7b2737dfa9f14f4697ed

  • SHA1

    a3988a0a663049ca015aa60a380ba0dcee0570d8

  • SHA256

    01455b79cc277c2e2ff84ff99f3f6a91ede004e601ed6e41cc341d5e358b97b2

  • SHA512

    ef7401a1570dc533eeb57d798cde9866afc21d333d9ac7dbdfc470ba412f360c090a74cd593d3f5e600febbd09b963c7c36025ab551520c3ca34ae152a2e5541

  • SSDEEP

    24576:0SDgu5YyCtCCm0BmmvFimm0wh2kkkkK4kXkkkkkkkkhLX3a20R0v50+YNpsKv2Ej:02gu5RCtCmi7bazR0vKLXZt

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      01455b79cc277c2e2ff84ff99f3f6a91ede004e601ed6e41cc341d5e358b97b2

    • Size

      1.4MB

    • MD5

      8a354c85fc0a7b2737dfa9f14f4697ed

    • SHA1

      a3988a0a663049ca015aa60a380ba0dcee0570d8

    • SHA256

      01455b79cc277c2e2ff84ff99f3f6a91ede004e601ed6e41cc341d5e358b97b2

    • SHA512

      ef7401a1570dc533eeb57d798cde9866afc21d333d9ac7dbdfc470ba412f360c090a74cd593d3f5e600febbd09b963c7c36025ab551520c3ca34ae152a2e5541

    • SSDEEP

      24576:0SDgu5YyCtCCm0BmmvFimm0wh2kkkkK4kXkkkkkkkkhLX3a20R0v50+YNpsKv2Ej:02gu5RCtCmi7bazR0vKLXZt

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks