berbew | b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8b | Triage

Sharing

General

Target

b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8bN
Size

362KB
Sample

241009-l3c3esxejp
MD5

fde5b9f9dbd857f8efa2d50cc79a1cf0
SHA1

0f2f669804d736e3761868c3abf0df67b1cb4ab3
SHA256

b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8b
SHA512

9cc918cf065106e9351759f31f21e388718d2656aa4fbced1d953537b3359b3695bdfefca9956869033f6ceafd71bb1e1a6441d219fc0ab43859df2f09abc435
SSDEEP

6144:aIRXKKdDbqXWtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1aj8DOvlvuZn:ayHV2mtmuMtrQ07nGWxWSsmiMyh95r5z

Score

10^/10

berbew backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

- Target
  
  b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8bN
- Size
  
  362KB
- MD5
  
  fde5b9f9dbd857f8efa2d50cc79a1cf0
- SHA1
  
  0f2f669804d736e3761868c3abf0df67b1cb4ab3
- SHA256
  
  b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8b
- SHA512
  
  9cc918cf065106e9351759f31f21e388718d2656aa4fbced1d953537b3359b3695bdfefca9956869033f6ceafd71bb1e1a6441d219fc0ab43859df2f09abc435
- SSDEEP
  
  6144:aIRXKKdDbqXWtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1aj8DOvlvuZn:ayHV2mtmuMtrQ07nGWxWSsmiMyh95r5z
Score

10^/10

berbew backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence

behavioral2

berbewbackdoordiscoverypersistence