Overview

overview

10

Static

static

3

823730766f...db.exe

windows7-x64

10

823730766f...db.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    823730766fa81ee07ab56a50dca5e3a3e3eb2acf9e3de3b061e97dc0960b11db

  • Size

    208KB

  • Sample

    240929-3ejzhazcma

  • MD5

    c20f90c79b0c742a0144198faf37d647

  • SHA1

    1023b88db4ff2323e82eac014fc514b334c2ac00

  • SHA256

    823730766fa81ee07ab56a50dca5e3a3e3eb2acf9e3de3b061e97dc0960b11db

  • SHA512

    eddfa612c7892ec6f97871aaf2cc50fd2a51c148366c34ca3b5e3daad5bb5d6e65db76b8727aece48cc52c207d0f4b97c71192dda750512e61dff9b718b9483a

  • SSDEEP

    6144:NfqLwe5I4MDX4EYtCwGtMtkiXOoloMr1JeSldqP7+x55KmC:AJ3ChtMtkM71r1MSXqPix55Kx

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      823730766fa81ee07ab56a50dca5e3a3e3eb2acf9e3de3b061e97dc0960b11db

    • Size

      208KB

    • MD5

      c20f90c79b0c742a0144198faf37d647

    • SHA1

      1023b88db4ff2323e82eac014fc514b334c2ac00

    • SHA256

      823730766fa81ee07ab56a50dca5e3a3e3eb2acf9e3de3b061e97dc0960b11db

    • SHA512

      eddfa612c7892ec6f97871aaf2cc50fd2a51c148366c34ca3b5e3daad5bb5d6e65db76b8727aece48cc52c207d0f4b97c71192dda750512e61dff9b718b9483a

    • SSDEEP

      6144:NfqLwe5I4MDX4EYtCwGtMtkiXOoloMr1JeSldqP7+x55KmC:AJ3ChtMtkM71r1MSXqPix55Kx

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks