Overview

overview

10

Static

static

3

6ddcaf0973...bN.exe

windows7-x64

10

6ddcaf0973...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ddcaf09732982c09d240c20df30110a7a9a5640710e032bb24f0ce0d22e3f5bN

  • Size

    111KB

  • Sample

    241003-c1qq3azfpq

  • MD5

    e36929e8bf52507d20fc25b3e3b3dd30

  • SHA1

    f434a1c804b9701080cbf71bff8179161d4338a2

  • SHA256

    6ddcaf09732982c09d240c20df30110a7a9a5640710e032bb24f0ce0d22e3f5b

  • SHA512

    e62fd079b4390b757c088ceeec2aaf9c35240c006d60e054349ac75a1795c4d6364d0d990eb86e05c400974f4547b9d533fec89c1a6b2f6b395a2da7ea8125ef

  • SSDEEP

    3072:uJBgXrd++DVpIHecflJGlse9blwebw0v0wnJcefSXQHPTTAkvB5Ddj:eiMyp6eGlJze95L9tnJfKXqPTX7DB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6ddcaf09732982c09d240c20df30110a7a9a5640710e032bb24f0ce0d22e3f5bN

    • Size

      111KB

    • MD5

      e36929e8bf52507d20fc25b3e3b3dd30

    • SHA1

      f434a1c804b9701080cbf71bff8179161d4338a2

    • SHA256

      6ddcaf09732982c09d240c20df30110a7a9a5640710e032bb24f0ce0d22e3f5b

    • SHA512

      e62fd079b4390b757c088ceeec2aaf9c35240c006d60e054349ac75a1795c4d6364d0d990eb86e05c400974f4547b9d533fec89c1a6b2f6b395a2da7ea8125ef

    • SSDEEP

      3072:uJBgXrd++DVpIHecflJGlse9blwebw0v0wnJcefSXQHPTTAkvB5Ddj:eiMyp6eGlJze95L9tnJfKXqPTX7DB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks