Overview

overview

10

Static

static

3

c7b2b2fc1a...4N.exe

windows7-x64

10

c7b2b2fc1a...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c7b2b2fc1a8c57d8cb17c98d3a81d65764ac5ade48a6df7f1643c3b4b5036204N

  • Size

    89KB

  • Sample

    240919-e36w6s1enl

  • MD5

    43fcc52914e3d3fede591e53f036f0e0

  • SHA1

    074d073dcdcfe216255f87d172235e1106640acc

  • SHA256

    c7b2b2fc1a8c57d8cb17c98d3a81d65764ac5ade48a6df7f1643c3b4b5036204

  • SHA512

    0928776fc174298709c31cb0b291685f7f1fadb7978207b257ef7ed0db77aa91d870fbea8ae15774c81de39c840c27d9a2a1883ba9d31549c2a3ffb7ed8ab93f

  • SSDEEP

    1536:xqQ242tfGFMC69zhNqTQkzfd+8zQtPgLkpbMHRQOD68a+VMKKTRVGFtUhQfR1WRw:X24eGFMxvNqTQkzfd+8mAsMHeHr4MKym

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c7b2b2fc1a8c57d8cb17c98d3a81d65764ac5ade48a6df7f1643c3b4b5036204N

    • Size

      89KB

    • MD5

      43fcc52914e3d3fede591e53f036f0e0

    • SHA1

      074d073dcdcfe216255f87d172235e1106640acc

    • SHA256

      c7b2b2fc1a8c57d8cb17c98d3a81d65764ac5ade48a6df7f1643c3b4b5036204

    • SHA512

      0928776fc174298709c31cb0b291685f7f1fadb7978207b257ef7ed0db77aa91d870fbea8ae15774c81de39c840c27d9a2a1883ba9d31549c2a3ffb7ed8ab93f

    • SSDEEP

      1536:xqQ242tfGFMC69zhNqTQkzfd+8zQtPgLkpbMHRQOD68a+VMKKTRVGFtUhQfR1WRw:X24eGFMxvNqTQkzfd+8mAsMHeHr4MKym

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks