Overview

overview

10

Static

static

3

f48a24396b...1N.exe

windows7-x64

10

f48a24396b...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f48a24396bebce3df77aece074503569e0e36446e52e5d7ccb53b1c6d8e91cd1N

  • Size

    362KB

  • Sample

    240919-gzvqvavdmn

  • MD5

    affce139cecd56c15892faedc2e835f0

  • SHA1

    36e7cf7c1c6dcbe339b13bea85e5152f1a616293

  • SHA256

    f48a24396bebce3df77aece074503569e0e36446e52e5d7ccb53b1c6d8e91cd1

  • SHA512

    acc59fa11b7d8e396b12d131d471b4e490720aee55074b05aae3b0393faaa3dfe31527bf81b5634706485d98e4ed696921e6b2899aebedc6921ed79c9b3c77fc

  • SSDEEP

    6144:+oUtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1aj8DOvlvuZxriEldlvPf:CtmuMtrQ07nGWxWSsmiMyh95r5OPGaj+

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f48a24396bebce3df77aece074503569e0e36446e52e5d7ccb53b1c6d8e91cd1N

    • Size

      362KB

    • MD5

      affce139cecd56c15892faedc2e835f0

    • SHA1

      36e7cf7c1c6dcbe339b13bea85e5152f1a616293

    • SHA256

      f48a24396bebce3df77aece074503569e0e36446e52e5d7ccb53b1c6d8e91cd1

    • SHA512

      acc59fa11b7d8e396b12d131d471b4e490720aee55074b05aae3b0393faaa3dfe31527bf81b5634706485d98e4ed696921e6b2899aebedc6921ed79c9b3c77fc

    • SSDEEP

      6144:+oUtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1aj8DOvlvuZxriEldlvPf:CtmuMtrQ07nGWxWSsmiMyh95r5OPGaj+

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks