Overview

overview

10

Static

static

3

8496c25de0...fN.exe

windows7-x64

10

8496c25de0...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8496c25de09c3fbccfce4de463b77db56300408a7d8d2d5dc4d4562422f4b98fN

  • Size

    208KB

  • Sample

    241004-b17txa1emd

  • MD5

    af93ec41996c17d106682fd590ce0230

  • SHA1

    864c80a510c9ade4269987f3f6982b6e2165291b

  • SHA256

    8496c25de09c3fbccfce4de463b77db56300408a7d8d2d5dc4d4562422f4b98f

  • SHA512

    f444883e96435a620c6fac8752be807520183d77b324299d131d1b4c99ddbb5e9fa74004a76a771b69c9a3bcbf2b84d0cb49f8c3e758e684cc0f3436d24cd87d

  • SSDEEP

    6144:ezz8BFuDX4EYtCwGtMtkiXOoloMr1JeSldqP7+x55KmC:eoChtMtkM71r1MSXqPix55Kx

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8496c25de09c3fbccfce4de463b77db56300408a7d8d2d5dc4d4562422f4b98fN

    • Size

      208KB

    • MD5

      af93ec41996c17d106682fd590ce0230

    • SHA1

      864c80a510c9ade4269987f3f6982b6e2165291b

    • SHA256

      8496c25de09c3fbccfce4de463b77db56300408a7d8d2d5dc4d4562422f4b98f

    • SHA512

      f444883e96435a620c6fac8752be807520183d77b324299d131d1b4c99ddbb5e9fa74004a76a771b69c9a3bcbf2b84d0cb49f8c3e758e684cc0f3436d24cd87d

    • SSDEEP

      6144:ezz8BFuDX4EYtCwGtMtkiXOoloMr1JeSldqP7+x55KmC:eoChtMtkM71r1MSXqPix55Kx

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks