Overview

overview

10

Static

static

3

1b065690fe...4N.exe

windows7-x64

10

1b065690fe...4N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1b065690fe1cf145523b18d25eb71b429c9a0c11754cccca575021c198b39034N

  • Size

    101KB

  • Sample

    241004-j8h5hsxfre

  • MD5

    a92106edd469e6b977c21250a8772e50

  • SHA1

    bf4f4de8eb79953c5c8b06e292c83984d89ed0ac

  • SHA256

    1b065690fe1cf145523b18d25eb71b429c9a0c11754cccca575021c198b39034

  • SHA512

    190e63b59ecba397c017b80e59977df952b61fb0d30431b1a33bb6a4e44035dba44ce916dd839b001cda1d0a3c3a7bae28d508fed0e7a85c308360e70c088c6a

  • SSDEEP

    3072:G4G3BYV7A9hhCB87lHCw7Vte343/zrB3g3k8p4qI4/HQCC:G4GKV7A9HNlVwEPBZs/HNC

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1b065690fe1cf145523b18d25eb71b429c9a0c11754cccca575021c198b39034N

    • Size

      101KB

    • MD5

      a92106edd469e6b977c21250a8772e50

    • SHA1

      bf4f4de8eb79953c5c8b06e292c83984d89ed0ac

    • SHA256

      1b065690fe1cf145523b18d25eb71b429c9a0c11754cccca575021c198b39034

    • SHA512

      190e63b59ecba397c017b80e59977df952b61fb0d30431b1a33bb6a4e44035dba44ce916dd839b001cda1d0a3c3a7bae28d508fed0e7a85c308360e70c088c6a

    • SSDEEP

      3072:G4G3BYV7A9hhCB87lHCw7Vte343/zrB3g3k8p4qI4/HQCC:G4GKV7A9HNlVwEPBZs/HNC

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks