Overview

overview

10

Static

static

3

5fa44a1211...bN.exe

windows7-x64

10

5fa44a1211...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fa44a12118ea879d1a143965f700d507be36bd25b44415ca83a9cc80db031dbN

  • Size

    67KB

  • Sample

    241005-2qs6wavflp

  • MD5

    c8a93772297fe23569f67cf5d29532b0

  • SHA1

    a28a9c1d751ab9821567d31c2b210e2916a81af9

  • SHA256

    5fa44a12118ea879d1a143965f700d507be36bd25b44415ca83a9cc80db031db

  • SHA512

    0595224aab31143ce5a862c61cfac30b7179a9d142b53699d657e388810a496cb69e52528fd6c03bb421ff05e250d4899fc803b371918f2f8e2e55d623d204b9

  • SSDEEP

    1536:EKRTxLVj2dKSAhyS4Aie3lmHjIFwYd2UNhUhpR9mMeHUGt/RQrR/Rj:bHPGUhOpR9mMgt/erVx

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5fa44a12118ea879d1a143965f700d507be36bd25b44415ca83a9cc80db031dbN

    • Size

      67KB

    • MD5

      c8a93772297fe23569f67cf5d29532b0

    • SHA1

      a28a9c1d751ab9821567d31c2b210e2916a81af9

    • SHA256

      5fa44a12118ea879d1a143965f700d507be36bd25b44415ca83a9cc80db031db

    • SHA512

      0595224aab31143ce5a862c61cfac30b7179a9d142b53699d657e388810a496cb69e52528fd6c03bb421ff05e250d4899fc803b371918f2f8e2e55d623d204b9

    • SSDEEP

      1536:EKRTxLVj2dKSAhyS4Aie3lmHjIFwYd2UNhUhpR9mMeHUGt/RQrR/Rj:bHPGUhOpR9mMgt/erVx

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks