Overview

overview

10

Static

static

10

3714ede6c7...51.exe

windows7-x64

10

3714ede6c7...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3714ede6c778f49ca17ec2b45d8dfeabe8d6bc0cccdc8b445dbcde0484d61b51

  • Size

    565KB

  • Sample

    250307-by89yssly4

  • MD5

    b09baddc0530e90ce1bd474322eab8cd

  • SHA1

    91ecb99e89e08213de016d10fe2194649866cf3a

  • SHA256

    3714ede6c778f49ca17ec2b45d8dfeabe8d6bc0cccdc8b445dbcde0484d61b51

  • SHA512

    e66414fcae777e54e8a701ca1da3dba645e0d169a2cc8d128e88d6346f9b10c108a7c59035c359d22f5a9f01505ea3cd17c9c71a670ad7a1c0daabbb4efa4225

  • SSDEEP

    12288:rUjqze3tuFjAh//+zrWAIAqWim/+zrWAI5KF8OX:u3tuFjAh/mvFimm09OX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3714ede6c778f49ca17ec2b45d8dfeabe8d6bc0cccdc8b445dbcde0484d61b51

    • Size

      565KB

    • MD5

      b09baddc0530e90ce1bd474322eab8cd

    • SHA1

      91ecb99e89e08213de016d10fe2194649866cf3a

    • SHA256

      3714ede6c778f49ca17ec2b45d8dfeabe8d6bc0cccdc8b445dbcde0484d61b51

    • SHA512

      e66414fcae777e54e8a701ca1da3dba645e0d169a2cc8d128e88d6346f9b10c108a7c59035c359d22f5a9f01505ea3cd17c9c71a670ad7a1c0daabbb4efa4225

    • SSDEEP

      12288:rUjqze3tuFjAh//+zrWAIAqWim/+zrWAI5KF8OX:u3tuFjAh/mvFimm09OX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks