Overview

overview

10

Static

static

3

5d660129f2...aN.exe

windows7-x64

10

5d660129f2...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5d660129f23fb47e06a1e450eaadef7c38767fb4c37dfc5f1b24c5b8b2270dcaN

  • Size

    285KB

  • Sample

    241005-kk94rswbpq

  • MD5

    e98e59b55bba76ff1b20122ea86de300

  • SHA1

    2dae35e2a3bfa47bef294443d3f276d1ab316785

  • SHA256

    5d660129f23fb47e06a1e450eaadef7c38767fb4c37dfc5f1b24c5b8b2270dca

  • SHA512

    7c537490e121eab80afa2280f5e0fc9b0e813cf8346a969486ba70bcf63334ab1b376959b77ac5ffbc39f384ac01bddab429fdf21a64ed188d9110bbc43efc4b

  • SSDEEP

    3072:1TqqhmYbRWp/WpXCEIe+KVcbMloVRr3uMg0kAqSxYiJ2QM4GKch:17hbWpWXND+KQIoi7tWa

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5d660129f23fb47e06a1e450eaadef7c38767fb4c37dfc5f1b24c5b8b2270dcaN

    • Size

      285KB

    • MD5

      e98e59b55bba76ff1b20122ea86de300

    • SHA1

      2dae35e2a3bfa47bef294443d3f276d1ab316785

    • SHA256

      5d660129f23fb47e06a1e450eaadef7c38767fb4c37dfc5f1b24c5b8b2270dca

    • SHA512

      7c537490e121eab80afa2280f5e0fc9b0e813cf8346a969486ba70bcf63334ab1b376959b77ac5ffbc39f384ac01bddab429fdf21a64ed188d9110bbc43efc4b

    • SSDEEP

      3072:1TqqhmYbRWp/WpXCEIe+KVcbMloVRr3uMg0kAqSxYiJ2QM4GKch:17hbWpWXND+KQIoi7tWa

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks