Overview

overview

10

Static

static

3

603a909d1e...4c.exe

windows7-x64

10

603a909d1e...4c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    603a909d1e45719d1ee51658c7a425ac99626425f385e74a3a820ab336c5314c

  • Size

    89KB

  • Sample

    241009-1d8kcsvbqm

  • MD5

    cc296f62d4dbb25b4f581ade621d5fda

  • SHA1

    197d364f1f73941accf8624f6507aa807be8e071

  • SHA256

    603a909d1e45719d1ee51658c7a425ac99626425f385e74a3a820ab336c5314c

  • SHA512

    6cdd81f3f6ecb4c71771649c489874a59ffbf7ef0f45e23c67ba756f3731f44a3a49bce1fee5fe330b3aa01803e2af82902ae982bbe10fed60aa5d10f81004be

  • SSDEEP

    1536:V4r2fQQ+QsSSY3z+T6e8ohXMDjG0RQSjD68a+VMKKTRVGFtUhQfR1WRaROR8R:V4aoQ+RczM6e8ohXMDK0edr4MKy3G7Ug

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      603a909d1e45719d1ee51658c7a425ac99626425f385e74a3a820ab336c5314c

    • Size

      89KB

    • MD5

      cc296f62d4dbb25b4f581ade621d5fda

    • SHA1

      197d364f1f73941accf8624f6507aa807be8e071

    • SHA256

      603a909d1e45719d1ee51658c7a425ac99626425f385e74a3a820ab336c5314c

    • SHA512

      6cdd81f3f6ecb4c71771649c489874a59ffbf7ef0f45e23c67ba756f3731f44a3a49bce1fee5fe330b3aa01803e2af82902ae982bbe10fed60aa5d10f81004be

    • SSDEEP

      1536:V4r2fQQ+QsSSY3z+T6e8ohXMDjG0RQSjD68a+VMKKTRVGFtUhQfR1WRaROR8R:V4aoQ+RczM6e8ohXMDK0edr4MKy3G7Ug

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks