Overview

overview

10

Static

static

3

75d433cd93...02.exe

windows7-x64

10

75d433cd93...02.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75d433cd93039fe3b267eb255bf760985eb1c1dab3f332e52479e9c26da72202

  • Size

    89KB

  • Sample

    240921-1svl2swdmr

  • MD5

    74ccb6d99e92f3df4dba0c5c36f392c1

  • SHA1

    67316d136f49932b9e1a828854a3ee9ea5295fe5

  • SHA256

    75d433cd93039fe3b267eb255bf760985eb1c1dab3f332e52479e9c26da72202

  • SHA512

    657e9b21df5b7f0fb006ef3e3445e2d2c4b5b9a2abd00b7f1aa27c8dbc3e8c3a136e81057c9760291239d4957b27159cf67da8a32f474423154d364aca7cd65e

  • SSDEEP

    1536:OfSn9nIQcLcJHb17DgypsosMfs8NXup16QyX08vRQ1D68a+VMKKTRVGFtUhQfR1p:CIIQQcJHRwyyosAw16Quesr4MKy3G7Ug

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      75d433cd93039fe3b267eb255bf760985eb1c1dab3f332e52479e9c26da72202

    • Size

      89KB

    • MD5

      74ccb6d99e92f3df4dba0c5c36f392c1

    • SHA1

      67316d136f49932b9e1a828854a3ee9ea5295fe5

    • SHA256

      75d433cd93039fe3b267eb255bf760985eb1c1dab3f332e52479e9c26da72202

    • SHA512

      657e9b21df5b7f0fb006ef3e3445e2d2c4b5b9a2abd00b7f1aa27c8dbc3e8c3a136e81057c9760291239d4957b27159cf67da8a32f474423154d364aca7cd65e

    • SSDEEP

      1536:OfSn9nIQcLcJHb17DgypsosMfs8NXup16QyX08vRQ1D68a+VMKKTRVGFtUhQfR1p:CIIQQcJHRwyyosAw16Quesr4MKy3G7Ug

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks