Overview

overview

10

Static

static

3

adeee9b6a5...fN.exe

windows7-x64

10

adeee9b6a5...fN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    adeee9b6a5393470b779fc2cd79909f3fa9b3c7683eee8fb6f2ffe41c53a98bfN

  • Size

    384KB

  • Sample

    240927-ga56aazhrd

  • MD5

    b043e47c4be4db200f450cb770491130

  • SHA1

    0744e4d2fdac0258233f38a8536430f0622a16c6

  • SHA256

    adeee9b6a5393470b779fc2cd79909f3fa9b3c7683eee8fb6f2ffe41c53a98bf

  • SHA512

    744a008718116b3e1d96c674ea1f21c39730b099f8d62bc7dceb25bb093e71856ab13b9b4651244cb5dd2f52fa605bd0e9854e8ca17d004228058dcfb0f70944

  • SSDEEP

    6144:NmXgCVf/M8HE8SeNpgdyuH1lZfRo0V8JcgE+ezpg12:NmX/f/Mt87g7/VycgE82

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      adeee9b6a5393470b779fc2cd79909f3fa9b3c7683eee8fb6f2ffe41c53a98bfN

    • Size

      384KB

    • MD5

      b043e47c4be4db200f450cb770491130

    • SHA1

      0744e4d2fdac0258233f38a8536430f0622a16c6

    • SHA256

      adeee9b6a5393470b779fc2cd79909f3fa9b3c7683eee8fb6f2ffe41c53a98bf

    • SHA512

      744a008718116b3e1d96c674ea1f21c39730b099f8d62bc7dceb25bb093e71856ab13b9b4651244cb5dd2f52fa605bd0e9854e8ca17d004228058dcfb0f70944

    • SSDEEP

      6144:NmXgCVf/M8HE8SeNpgdyuH1lZfRo0V8JcgE+ezpg12:NmX/f/Mt87g7/VycgE82

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks