Overview

overview

10

Static

static

3

ad2c76d2a6...dN.exe

windows7-x64

10

ad2c76d2a6...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad2c76d2a6388b8c455fc3c577fad9cfc276a1de4d3f25411e4602adc9956a1dN

  • Size

    95KB

  • Sample

    241006-dr9m9avhpa

  • MD5

    b19552564bea84f6870afdcf2391be70

  • SHA1

    a00a1ff99497927018b76ff584cf1f1c8af3da5c

  • SHA256

    ad2c76d2a6388b8c455fc3c577fad9cfc276a1de4d3f25411e4602adc9956a1d

  • SHA512

    1ae2b96e4cd7b36abacbf6be4fbb5987d099b78a6cbb3a8be79f4bd2d82812754b2faa24a12d1324f70cee1649826c80a18aa0c162bd36c20abd55553aa39b5c

  • SSDEEP

    1536:Cqlc+MB3l9+dsk8lyqGh0ekSD7nh+WxEo6RQrtRRVRoRch1dROrwpOudRirVtFs+:CqO+MB3l9+dBCeLXn76ezTWM1dQrTOwJ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ad2c76d2a6388b8c455fc3c577fad9cfc276a1de4d3f25411e4602adc9956a1dN

    • Size

      95KB

    • MD5

      b19552564bea84f6870afdcf2391be70

    • SHA1

      a00a1ff99497927018b76ff584cf1f1c8af3da5c

    • SHA256

      ad2c76d2a6388b8c455fc3c577fad9cfc276a1de4d3f25411e4602adc9956a1d

    • SHA512

      1ae2b96e4cd7b36abacbf6be4fbb5987d099b78a6cbb3a8be79f4bd2d82812754b2faa24a12d1324f70cee1649826c80a18aa0c162bd36c20abd55553aa39b5c

    • SSDEEP

      1536:Cqlc+MB3l9+dsk8lyqGh0ekSD7nh+WxEo6RQrtRRVRoRch1dROrwpOudRirVtFs+:CqO+MB3l9+dBCeLXn76ezTWM1dQrTOwJ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks