Overview

overview

10

Static

static

3

2aea2ca911...2N.exe

windows7-x64

10

2aea2ca911...2N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2aea2ca91168eb59524ecfa9bb3afb87a9bf4829b79bb03662f7ecd18d439672N

  • Size

    89KB

  • Sample

    240919-nsq8eaxbnj

  • MD5

    4b731ff8cc66909655676222524c76b0

  • SHA1

    305587b7be0c5f84864578520246a89da476a6dc

  • SHA256

    2aea2ca91168eb59524ecfa9bb3afb87a9bf4829b79bb03662f7ecd18d439672

  • SHA512

    057b21f6e76829b88107808de161a28a73fb889fa0ac321b3df9f655c40e295aceb867a3166295de4a4e52ca623402068a27de55cc5fdb4360cdf143a8c8b4b9

  • SSDEEP

    1536:sEQFeLqUAOJR5CuvJDq02tYY1XfTRQ8UD68a+VMKKTRVGFtUhQfR1WRaROR8R:sEQFeLLAMLCuBm0eV1PTe2r4MKy3G7Ug

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      2aea2ca91168eb59524ecfa9bb3afb87a9bf4829b79bb03662f7ecd18d439672N

    • Size

      89KB

    • MD5

      4b731ff8cc66909655676222524c76b0

    • SHA1

      305587b7be0c5f84864578520246a89da476a6dc

    • SHA256

      2aea2ca91168eb59524ecfa9bb3afb87a9bf4829b79bb03662f7ecd18d439672

    • SHA512

      057b21f6e76829b88107808de161a28a73fb889fa0ac321b3df9f655c40e295aceb867a3166295de4a4e52ca623402068a27de55cc5fdb4360cdf143a8c8b4b9

    • SSDEEP

      1536:sEQFeLqUAOJR5CuvJDq02tYY1XfTRQ8UD68a+VMKKTRVGFtUhQfR1WRaROR8R:sEQFeLLAMLCuBm0eV1PTe2r4MKy3G7Ug

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks