Overview

overview

10

Static

static

3

9f231e55b3...fN.exe

windows7-x64

10

9f231e55b3...fN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    9f231e55b312d4f597d0fc64374ba4484c1740a5dc3330b6d6c1d29b637b380fN

  • Size

    304KB

  • Sample

    240930-w7garatcna

  • MD5

    a503cf81ad403f145e345f7e65031df0

  • SHA1

    8641cd4f247982ea16136c092aa7e6a6b007cae2

  • SHA256

    9f231e55b312d4f597d0fc64374ba4484c1740a5dc3330b6d6c1d29b637b380f

  • SHA512

    f4a56cab00080b1037ade647178d4337558d4d6c9eff8c67c9f7dc520f5206145478cdc17c854c72e7265ce169e17ec19e97c82d6e0444ea8c1238c85e7374e2

  • SSDEEP

    6144:CikVp0ArhnEiTJqgxloNUdDg8E9EKIrD0Lu:xkO4dDYEKw0

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9f231e55b312d4f597d0fc64374ba4484c1740a5dc3330b6d6c1d29b637b380fN

    • Size

      304KB

    • MD5

      a503cf81ad403f145e345f7e65031df0

    • SHA1

      8641cd4f247982ea16136c092aa7e6a6b007cae2

    • SHA256

      9f231e55b312d4f597d0fc64374ba4484c1740a5dc3330b6d6c1d29b637b380f

    • SHA512

      f4a56cab00080b1037ade647178d4337558d4d6c9eff8c67c9f7dc520f5206145478cdc17c854c72e7265ce169e17ec19e97c82d6e0444ea8c1238c85e7374e2

    • SSDEEP

      6144:CikVp0ArhnEiTJqgxloNUdDg8E9EKIrD0Lu:xkO4dDYEKw0

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks