Overview

overview

10

Static

static

3

4d9ace1c2e...9N.exe

windows7-x64

10

4d9ace1c2e...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d9ace1c2e09e1e756a1400667c2dcb5be239daba679c46945bcd4430a596b49N

  • Size

    71KB

  • Sample

    240927-weshbawajg

  • MD5

    62bae291de449e375dc6831061d54720

  • SHA1

    852ed717a04d4d0ac1396d9a9cc459af9ae2a3d1

  • SHA256

    4d9ace1c2e09e1e756a1400667c2dcb5be239daba679c46945bcd4430a596b49

  • SHA512

    74d21e4feadc0c9f33cec3e45e1d9bfe32730423233cf49c7d89ff2642b28b52bf5252f6f244fa840ad6406de3c50414abaea1f2f1939ff13704db2fcdb69ef8

  • SSDEEP

    1536:+LWnRIwrcB72P6XktZOGlhbAU0bOpSDxapERQuDbEyRCRRRoR4Rk:+LODgvEhbSSpEeAEy032ya

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4d9ace1c2e09e1e756a1400667c2dcb5be239daba679c46945bcd4430a596b49N

    • Size

      71KB

    • MD5

      62bae291de449e375dc6831061d54720

    • SHA1

      852ed717a04d4d0ac1396d9a9cc459af9ae2a3d1

    • SHA256

      4d9ace1c2e09e1e756a1400667c2dcb5be239daba679c46945bcd4430a596b49

    • SHA512

      74d21e4feadc0c9f33cec3e45e1d9bfe32730423233cf49c7d89ff2642b28b52bf5252f6f244fa840ad6406de3c50414abaea1f2f1939ff13704db2fcdb69ef8

    • SSDEEP

      1536:+LWnRIwrcB72P6XktZOGlhbAU0bOpSDxapERQuDbEyRCRRRoR4Rk:+LODgvEhbSSpEeAEy032ya

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks