Overview

overview

10

Static

static

3

137af4d89f...af.exe

windows7-x64

10

137af4d89f...af.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    137af4d89f1e9e61612f887ebc2c01d7ebf0b652d7caca2bf4e72ffc02472daf

  • Size

    109KB

  • Sample

    250306-zx9q4axvdt

  • MD5

    1981e45cb9fada82ae4afe5c853d40ca

  • SHA1

    e9d706ec429ed174f57619e1d0a6d06d62edfa42

  • SHA256

    137af4d89f1e9e61612f887ebc2c01d7ebf0b652d7caca2bf4e72ffc02472daf

  • SHA512

    e9cd2c96523dd44ca57dbacd8ef36cc1070c45a24e8083d070dcf35426897ce586bdc907601eaadad6fd00ea02c0795bb965438eb65b2c06b8323e9f2bff4311

  • SSDEEP

    3072:/A79YFQHyd+vHQNpN98fo3PXl9Z7S/yCsKh2EzZA/z:euGf/QN39go35e/yCthvUz

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      137af4d89f1e9e61612f887ebc2c01d7ebf0b652d7caca2bf4e72ffc02472daf

    • Size

      109KB

    • MD5

      1981e45cb9fada82ae4afe5c853d40ca

    • SHA1

      e9d706ec429ed174f57619e1d0a6d06d62edfa42

    • SHA256

      137af4d89f1e9e61612f887ebc2c01d7ebf0b652d7caca2bf4e72ffc02472daf

    • SHA512

      e9cd2c96523dd44ca57dbacd8ef36cc1070c45a24e8083d070dcf35426897ce586bdc907601eaadad6fd00ea02c0795bb965438eb65b2c06b8323e9f2bff4311

    • SSDEEP

      3072:/A79YFQHyd+vHQNpN98fo3PXl9Z7S/yCsKh2EzZA/z:euGf/QN39go35e/yCthvUz

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks