Overview

overview

10

Static

static

3

86d68d3d04...0N.exe

windows7-x64

10

86d68d3d04...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86d68d3d04e81bc04c956e489d98ffae462904ad6e5fad1d1d62b0e06805fd70N

  • Size

    71KB

  • Sample

    241001-xnpcpayglb

  • MD5

    50bb233e6a2c2fb4cf8a48e12e5623f0

  • SHA1

    dd68ee8bcb940c5d6164534fdb752dd6cdbf9092

  • SHA256

    86d68d3d04e81bc04c956e489d98ffae462904ad6e5fad1d1d62b0e06805fd70

  • SHA512

    626ec348dfd3b6547a4fa1610ffb0fd0437ea97f3c427a86f25b0952a3f64dd22e95b6c9bf67ead97ae43d5fe42f18239c1a4b7994b85fc31ee5c36cbd1efc27

  • SSDEEP

    1536:4hADdBXt93kBu0rvhdFJKAu++MZkQu1zY+8LnGcbLRQ3DbEyRCRRRoR4Rk:qADTL0JdFVu8ZkQu1zY+AnGc3ePEy03a

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      86d68d3d04e81bc04c956e489d98ffae462904ad6e5fad1d1d62b0e06805fd70N

    • Size

      71KB

    • MD5

      50bb233e6a2c2fb4cf8a48e12e5623f0

    • SHA1

      dd68ee8bcb940c5d6164534fdb752dd6cdbf9092

    • SHA256

      86d68d3d04e81bc04c956e489d98ffae462904ad6e5fad1d1d62b0e06805fd70

    • SHA512

      626ec348dfd3b6547a4fa1610ffb0fd0437ea97f3c427a86f25b0952a3f64dd22e95b6c9bf67ead97ae43d5fe42f18239c1a4b7994b85fc31ee5c36cbd1efc27

    • SSDEEP

      1536:4hADdBXt93kBu0rvhdFJKAu++MZkQu1zY+8LnGcbLRQ3DbEyRCRRRoR4Rk:qADTL0JdFVu8ZkQu1zY+AnGc3ePEy03a

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks