Overview

overview

10

Static

static

3

d02dfb7d2b...cN.exe

windows7-x64

10

d02dfb7d2b...cN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d02dfb7d2bdf0dbaa223bc6c40e7806a8200a03f65f052f573d2f47275850fbcN

  • Size

    89KB

  • Sample

    241003-sjycks1hmp

  • MD5

    edd2c2ae89a78132a114962b32ebb430

  • SHA1

    97419de4269c01c3853473f629313c58421f11f0

  • SHA256

    d02dfb7d2bdf0dbaa223bc6c40e7806a8200a03f65f052f573d2f47275850fbc

  • SHA512

    f144c0deac5fbf2f9692e3a406987b136e0ed6f0faa136e6e807303e47a7c1cb33bbf133737183891c883aec327b7726d991547a5c1cc095f2a328f3c3546bca

  • SSDEEP

    1536:pKe6mepwlBYDHEBVc0tDDjVuti+ta4Tk5bljohEzWiRQMAD68a+VMKKTRVGFtUha:Qee+lyH+O0tJuPa42qEz1eer4MKy3G7r

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d02dfb7d2bdf0dbaa223bc6c40e7806a8200a03f65f052f573d2f47275850fbcN

    • Size

      89KB

    • MD5

      edd2c2ae89a78132a114962b32ebb430

    • SHA1

      97419de4269c01c3853473f629313c58421f11f0

    • SHA256

      d02dfb7d2bdf0dbaa223bc6c40e7806a8200a03f65f052f573d2f47275850fbc

    • SHA512

      f144c0deac5fbf2f9692e3a406987b136e0ed6f0faa136e6e807303e47a7c1cb33bbf133737183891c883aec327b7726d991547a5c1cc095f2a328f3c3546bca

    • SSDEEP

      1536:pKe6mepwlBYDHEBVc0tDDjVuti+ta4Tk5bljohEzWiRQMAD68a+VMKKTRVGFtUha:Qee+lyH+O0tJuPa42qEz1eer4MKy3G7r

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks