Overview

overview

10

Static

static

3

48a253f3dd...8N.exe

windows7-x64

10

48a253f3dd...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48a253f3dd686ac5ca3752b392fc18255954e49fa9acaf74a4c3f28207d9fb98N

  • Size

    89KB

  • Sample

    240919-etzfqs1blk

  • MD5

    5d407fa17a2e8d9767f5523b0906b300

  • SHA1

    3d28b57d47c6030cf822f946d7f442ebe2638e06

  • SHA256

    48a253f3dd686ac5ca3752b392fc18255954e49fa9acaf74a4c3f28207d9fb98

  • SHA512

    923705fdc5d945ccadfb3caa8c5e9e97ab1e9681657785c40c718fbc78c3645cefb78243781252de7e6c063e24bb8d3754ec0157cc4baa0b75184abc3f1d74ba

  • SSDEEP

    1536:aEocbUsMhBSQ6H4JD/+ANZvT1r2RQ7VCUhjtWuc0uzwERQBR+KRFR3RzR1URJrCk:aEoTsMhBStk+wZr2RCVCKou8wEeBjb5C

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      48a253f3dd686ac5ca3752b392fc18255954e49fa9acaf74a4c3f28207d9fb98N

    • Size

      89KB

    • MD5

      5d407fa17a2e8d9767f5523b0906b300

    • SHA1

      3d28b57d47c6030cf822f946d7f442ebe2638e06

    • SHA256

      48a253f3dd686ac5ca3752b392fc18255954e49fa9acaf74a4c3f28207d9fb98

    • SHA512

      923705fdc5d945ccadfb3caa8c5e9e97ab1e9681657785c40c718fbc78c3645cefb78243781252de7e6c063e24bb8d3754ec0157cc4baa0b75184abc3f1d74ba

    • SSDEEP

      1536:aEocbUsMhBSQ6H4JD/+ANZvT1r2RQ7VCUhjtWuc0uzwERQBR+KRFR3RzR1URJrCk:aEoTsMhBStk+wZr2RCVCKou8wEeBjb5C

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks