Overview

overview

10

Static

static

3

15106fc6fc...5N.exe

windows7-x64

10

15106fc6fc...5N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    15106fc6fccfc8f1efdc5dfea11b69191c7c89acbdb6f91c3be8d611bfbad7d5N

  • Size

    71KB

  • Sample

    241005-t5trys1hla

  • MD5

    6e3508d93b516c8d47ab62e114fc92d0

  • SHA1

    98ea3bec2f8c3e02f30ece2fd61e3fcf03dfc748

  • SHA256

    15106fc6fccfc8f1efdc5dfea11b69191c7c89acbdb6f91c3be8d611bfbad7d5

  • SHA512

    7b6b7fd0b10b9bf975318bf255553f7a9d7f50f352903fb18b81cc05ff308c747218c4632b32690a4c5fafc22d2b8fc6c0b68d45a6ceb2390b8960d5461fb040

  • SSDEEP

    1536:f44prccnSBeDEHYXKW8FuxsCppxUkr5WvZFB7AjUtgRQ3DbEyRCRRRoR4Rk:f9yeA4XKfdc3Ukr5WxTdCePEy032ya

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      15106fc6fccfc8f1efdc5dfea11b69191c7c89acbdb6f91c3be8d611bfbad7d5N

    • Size

      71KB

    • MD5

      6e3508d93b516c8d47ab62e114fc92d0

    • SHA1

      98ea3bec2f8c3e02f30ece2fd61e3fcf03dfc748

    • SHA256

      15106fc6fccfc8f1efdc5dfea11b69191c7c89acbdb6f91c3be8d611bfbad7d5

    • SHA512

      7b6b7fd0b10b9bf975318bf255553f7a9d7f50f352903fb18b81cc05ff308c747218c4632b32690a4c5fafc22d2b8fc6c0b68d45a6ceb2390b8960d5461fb040

    • SSDEEP

      1536:f44prccnSBeDEHYXKW8FuxsCppxUkr5WvZFB7AjUtgRQ3DbEyRCRRRoR4Rk:f9yeA4XKfdc3Ukr5WxTdCePEy032ya

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks