Overview

overview

10

Static

static

3

1ed19987c0...aN.exe

windows7-x64

10

1ed19987c0...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1ed19987c07b81078ad9e99f12015a79b1415688df12923d4c0dd46fbb26d19aN

  • Size

    80KB

  • Sample

    240927-ya6v9awalr

  • MD5

    4cedb04c35e083d9f17fa7a664bbd7f0

  • SHA1

    2d28f5b50adec86f70df7d495b83d2ad28fdbf5c

  • SHA256

    1ed19987c07b81078ad9e99f12015a79b1415688df12923d4c0dd46fbb26d19a

  • SHA512

    7cfeb4328d1de9de4296a01e6a717596f0806a994679db1af97ae0cb7f5574fb9868933edc754e2ba5c51cea64487d46324a792a265508db1af1412e1e290674

  • SSDEEP

    1536:jec60wkvwR9jtkzk0ecbKnavmc75ZdMRQAsLRJJ5R2xOSC4BG:jeblqwPZyecUWmAdMeJrJ5wxO344

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1ed19987c07b81078ad9e99f12015a79b1415688df12923d4c0dd46fbb26d19aN

    • Size

      80KB

    • MD5

      4cedb04c35e083d9f17fa7a664bbd7f0

    • SHA1

      2d28f5b50adec86f70df7d495b83d2ad28fdbf5c

    • SHA256

      1ed19987c07b81078ad9e99f12015a79b1415688df12923d4c0dd46fbb26d19a

    • SHA512

      7cfeb4328d1de9de4296a01e6a717596f0806a994679db1af97ae0cb7f5574fb9868933edc754e2ba5c51cea64487d46324a792a265508db1af1412e1e290674

    • SSDEEP

      1536:jec60wkvwR9jtkzk0ecbKnavmc75ZdMRQAsLRJJ5R2xOSC4BG:jeblqwPZyecUWmAdMeJrJ5wxO344

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks