Overview

overview

10

Static

static

3

01b1a630ab...8N.exe

windows7-x64

10

01b1a630ab...8N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    01b1a630abff8911446358ff23744e1d2af8b1d9258d057426114c0ac3cc3708N

  • Size

    80KB

  • Sample

    241002-a5pcpasele

  • MD5

    198f877edc91b5ad423754971ab20a30

  • SHA1

    64eef8dd1f17aa8f751398d513ecbb89f8e25aec

  • SHA256

    01b1a630abff8911446358ff23744e1d2af8b1d9258d057426114c0ac3cc3708

  • SHA512

    894e32c3dfd18b9a25fe3e8681c53ffbba8bc4dcbb31cd2ae6812ad21856c9a95d12f1afc476626d7c8c57bc6d059efc2137e5c34c16a8e4507dfa71d2ee330a

  • SSDEEP

    1536:BjM+8gnIju7J7etv7Nfr5AGU0hgasg40wRARQA1RJJ5R2xOSC4BG:qRJ4JGvZD5AGjhgE4CeerJ5wxO344

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      01b1a630abff8911446358ff23744e1d2af8b1d9258d057426114c0ac3cc3708N

    • Size

      80KB

    • MD5

      198f877edc91b5ad423754971ab20a30

    • SHA1

      64eef8dd1f17aa8f751398d513ecbb89f8e25aec

    • SHA256

      01b1a630abff8911446358ff23744e1d2af8b1d9258d057426114c0ac3cc3708

    • SHA512

      894e32c3dfd18b9a25fe3e8681c53ffbba8bc4dcbb31cd2ae6812ad21856c9a95d12f1afc476626d7c8c57bc6d059efc2137e5c34c16a8e4507dfa71d2ee330a

    • SSDEEP

      1536:BjM+8gnIju7J7etv7Nfr5AGU0hgasg40wRARQA1RJJ5R2xOSC4BG:qRJ4JGvZD5AGjhgE4CeerJ5wxO344

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks