Overview

overview

10

Static

static

10

32dc96a5d8...18.exe

windows7-x64

10

32dc96a5d8...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32dc96a5d876a40c30b3f510d37e749602ac7ddf3f221129449fe79352c11218

  • Size

    378KB

  • Sample

    250307-a7cfxa1qy7

  • MD5

    ae7c5ee7e665fb2e6f8420630f0a6efc

  • SHA1

    3e332bf16054e1ac5e2438f069befc1962224b72

  • SHA256

    32dc96a5d876a40c30b3f510d37e749602ac7ddf3f221129449fe79352c11218

  • SHA512

    da47b31de6f23cec810e52192bc33c7374ae8e14d69cecd9eddfe8ecef697fe859809ae2e6176fa710fd4330e681b5328726436cb87a6a5900a99cc0f2eebe47

  • SSDEEP

    6144:u5aSpwEheYr75lHzpaF2e6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTQMJSi:u5p1heYr75lTefkY660fIaDZkY660f28

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      32dc96a5d876a40c30b3f510d37e749602ac7ddf3f221129449fe79352c11218

    • Size

      378KB

    • MD5

      ae7c5ee7e665fb2e6f8420630f0a6efc

    • SHA1

      3e332bf16054e1ac5e2438f069befc1962224b72

    • SHA256

      32dc96a5d876a40c30b3f510d37e749602ac7ddf3f221129449fe79352c11218

    • SHA512

      da47b31de6f23cec810e52192bc33c7374ae8e14d69cecd9eddfe8ecef697fe859809ae2e6176fa710fd4330e681b5328726436cb87a6a5900a99cc0f2eebe47

    • SSDEEP

      6144:u5aSpwEheYr75lHzpaF2e6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTQMJSi:u5p1heYr75lTefkY660fIaDZkY660f28

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks