Overview

overview

10

Static

static

3

069a646992...62.exe

windows7-x64

10

069a646992...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    069a6469922c3ec0acf1cf12b4fb49c43dfe8d5c76de1885bd2e231b118fe762

  • Size

    93KB

  • Sample

    250306-ycawlawnz6

  • MD5

    6fbfe60a9e1f8292c2eaac4d606d1040

  • SHA1

    d35dc25492130c8daa7b4c0436ecc81fa65c1f99

  • SHA256

    069a6469922c3ec0acf1cf12b4fb49c43dfe8d5c76de1885bd2e231b118fe762

  • SHA512

    deac309cbd9b6c2a0ec82312601b8e7f6c5bdc9bf763f21b2d7908d6747b6b8d921d1016e8fcd1f5812e80df4bb7f036710da15e8e657aff5077520016cf0818

  • SSDEEP

    1536:Y3nV0uMpu1D100QEylcrfqO2k+169UH3AfI4zgv2lX+/CG5qzsaMiwihtIbbpkp:20b01D3Q5lcrSc+169UXm9UOlcCG5YdT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      069a6469922c3ec0acf1cf12b4fb49c43dfe8d5c76de1885bd2e231b118fe762

    • Size

      93KB

    • MD5

      6fbfe60a9e1f8292c2eaac4d606d1040

    • SHA1

      d35dc25492130c8daa7b4c0436ecc81fa65c1f99

    • SHA256

      069a6469922c3ec0acf1cf12b4fb49c43dfe8d5c76de1885bd2e231b118fe762

    • SHA512

      deac309cbd9b6c2a0ec82312601b8e7f6c5bdc9bf763f21b2d7908d6747b6b8d921d1016e8fcd1f5812e80df4bb7f036710da15e8e657aff5077520016cf0818

    • SSDEEP

      1536:Y3nV0uMpu1D100QEylcrfqO2k+169UH3AfI4zgv2lX+/CG5qzsaMiwihtIbbpkp:20b01D3Q5lcrSc+169UXm9UOlcCG5YdT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks