Overview

overview

10

Static

static

3

dd8403e29d...9N.exe

windows7-x64

10

dd8403e29d...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd8403e29d9539e145d61a95b6c91601df77c0aa7c38b06c25371d05fd27f559N

  • Size

    196KB

  • Sample

    241002-bswrnstfqg

  • MD5

    3f304b7d1d876a7292c767cdf72a9610

  • SHA1

    4453fdd5684f7d11f529a6af05c875c460809913

  • SHA256

    dd8403e29d9539e145d61a95b6c91601df77c0aa7c38b06c25371d05fd27f559

  • SHA512

    545de56b5ff602d2ae9ec32f5c67703f2fe8482fe88726c70fa44ddad0c5364ccc18b2d80c3accd25008a8e1e4a92ad3f851f375c454303d2e4135dd81651dc7

  • SSDEEP

    3072:x9n5yq2bRSnnPWOeetgu+tAcrbFAJc+RsUi1aVDkOvhJjvJ+uFli55p1:x2RuhQrtMsQBvli

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      dd8403e29d9539e145d61a95b6c91601df77c0aa7c38b06c25371d05fd27f559N

    • Size

      196KB

    • MD5

      3f304b7d1d876a7292c767cdf72a9610

    • SHA1

      4453fdd5684f7d11f529a6af05c875c460809913

    • SHA256

      dd8403e29d9539e145d61a95b6c91601df77c0aa7c38b06c25371d05fd27f559

    • SHA512

      545de56b5ff602d2ae9ec32f5c67703f2fe8482fe88726c70fa44ddad0c5364ccc18b2d80c3accd25008a8e1e4a92ad3f851f375c454303d2e4135dd81651dc7

    • SSDEEP

      3072:x9n5yq2bRSnnPWOeetgu+tAcrbFAJc+RsUi1aVDkOvhJjvJ+uFli55p1:x2RuhQrtMsQBvli

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks