Overview

overview

10

Static

static

3

78be8d9cc0...1N.exe

windows7-x64

10

78be8d9cc0...1N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    78be8d9cc040e7947398f427e864ed2190c0cf230106120821e71eed9dd81f71N

  • Size

    71KB

  • Sample

    240930-2kqtkaycln

  • MD5

    caf50d369258e23e2a84e6d9ea88d7a0

  • SHA1

    aafa4f89dba6964350d2a8796f4ba3f25efedc45

  • SHA256

    78be8d9cc040e7947398f427e864ed2190c0cf230106120821e71eed9dd81f71

  • SHA512

    454b60380f083e028276569e8dcab56cf3daef172d0117aab1d373fe2ea6acd31053dae23d3704d3e2890f489cf658df11b295cf9db11081f3cb88534f3f631f

  • SSDEEP

    1536:bri2w/PDyAv5dSS6dHfIK7USSBn2RQsdDbEyRCRRRoR4Rk:brgP+AvvHCfIKISSp2eOEy032ya

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      78be8d9cc040e7947398f427e864ed2190c0cf230106120821e71eed9dd81f71N

    • Size

      71KB

    • MD5

      caf50d369258e23e2a84e6d9ea88d7a0

    • SHA1

      aafa4f89dba6964350d2a8796f4ba3f25efedc45

    • SHA256

      78be8d9cc040e7947398f427e864ed2190c0cf230106120821e71eed9dd81f71

    • SHA512

      454b60380f083e028276569e8dcab56cf3daef172d0117aab1d373fe2ea6acd31053dae23d3704d3e2890f489cf658df11b295cf9db11081f3cb88534f3f631f

    • SSDEEP

      1536:bri2w/PDyAv5dSS6dHfIK7USSBn2RQsdDbEyRCRRRoR4Rk:brgP+AvvHCfIKISSp2eOEy032ya

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks