Overview

overview

10

Static

static

3

09aa967bd5...a4.exe

windows7-x64

10

09aa967bd5...a4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09aa967bd5cc4d96a43cdc92119637ae51c8914b08ea01b64d5bd5a235618ba4

  • Size

    71KB

  • Sample

    240925-w3w6eazgjp

  • MD5

    6d9972186050169041def97d06dd3288

  • SHA1

    4baf02d1ccfba9b8ce9cee416491e7f40c381a77

  • SHA256

    09aa967bd5cc4d96a43cdc92119637ae51c8914b08ea01b64d5bd5a235618ba4

  • SHA512

    dee4a3f7c01754d22e3b26c52fd58d69a28cf7b95cefa2ee880f0b701c9a2c7c57580206d0faf40ca1705fb500e1c9b99ba1224e3e16dd07821cf56c4bf4d99f

  • SSDEEP

    1536:kHjAIAoHezKQgjvX2530qQf+v62EAJJIbAq5OXb9XbX3XXXXXXXXXXXXXXXXXXX2:kHjAuvXxqke6CYujASF0egEy032ya

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      09aa967bd5cc4d96a43cdc92119637ae51c8914b08ea01b64d5bd5a235618ba4

    • Size

      71KB

    • MD5

      6d9972186050169041def97d06dd3288

    • SHA1

      4baf02d1ccfba9b8ce9cee416491e7f40c381a77

    • SHA256

      09aa967bd5cc4d96a43cdc92119637ae51c8914b08ea01b64d5bd5a235618ba4

    • SHA512

      dee4a3f7c01754d22e3b26c52fd58d69a28cf7b95cefa2ee880f0b701c9a2c7c57580206d0faf40ca1705fb500e1c9b99ba1224e3e16dd07821cf56c4bf4d99f

    • SSDEEP

      1536:kHjAIAoHezKQgjvX2530qQf+v62EAJJIbAq5OXb9XbX3XXXXXXXXXXXXXXXXXXX2:kHjAuvXxqke6CYujASF0egEy032ya

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks