Overview

overview

10

Static

static

3

69f5ab8051...6e.exe

windows7-x64

10

69f5ab8051...6e.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    69f5ab8051a0ea97a48279aa2c42f7a05b95133b2bc8c0c958d708464cf86c6e

  • Size

    592KB

  • Sample

    240925-2cfcvs1dpq

  • MD5

    a44fc5d80ec2e5e1b8602b31fcad6069

  • SHA1

    54edd63c381e5c4acf3aa87d928f66213564c9f9

  • SHA256

    69f5ab8051a0ea97a48279aa2c42f7a05b95133b2bc8c0c958d708464cf86c6e

  • SHA512

    f0b792314d8fed0cb10a4797acaedccc05541b0d5a8e51f97b51cbcba529bbb2cc91c5113086c2578bd58b56ede21672b7621c00e7fa469aaff57047c0667974

  • SSDEEP

    6144:SNlYscOpPQi8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrloBNTNxaaqk9a5:STV87g7/VycgE81lgxaa79y

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      69f5ab8051a0ea97a48279aa2c42f7a05b95133b2bc8c0c958d708464cf86c6e

    • Size

      592KB

    • MD5

      a44fc5d80ec2e5e1b8602b31fcad6069

    • SHA1

      54edd63c381e5c4acf3aa87d928f66213564c9f9

    • SHA256

      69f5ab8051a0ea97a48279aa2c42f7a05b95133b2bc8c0c958d708464cf86c6e

    • SHA512

      f0b792314d8fed0cb10a4797acaedccc05541b0d5a8e51f97b51cbcba529bbb2cc91c5113086c2578bd58b56ede21672b7621c00e7fa469aaff57047c0667974

    • SSDEEP

      6144:SNlYscOpPQi8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrloBNTNxaaqk9a5:STV87g7/VycgE81lgxaa79y

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks