Overview

overview

10

Static

static

10

933f7700c6...2N.exe

windows7-x64

10

933f7700c6...2N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    933f7700c69a6d7ca5cb82b107dc11bf8d831ff6a18e01e05acd01f02c69b472N

  • Size

    104KB

  • Sample

    241009-lxnxqswhkl

  • MD5

    fb1f18f26371d11218d81ab5e08bb450

  • SHA1

    d8bcaf819a066e76deb9f0ea7bb5e2dd08a7bf29

  • SHA256

    933f7700c69a6d7ca5cb82b107dc11bf8d831ff6a18e01e05acd01f02c69b472

  • SHA512

    30c9e833efdc7f2947ace20bf00a17d43d4b7f20dbd3e271a94ef0a357f96bb2d98fd83e0f95e188eca2336d3773dfc839b573c7b6a20d19abb3e87efd918c24

  • SSDEEP

    3072:GMJp9ki/OS1GGRPaOXgm1d25Pe5bx7cEGrhkngpDvchkqbAIQS:GMJpGlS4WNum5bx4brq2Ahn

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      933f7700c69a6d7ca5cb82b107dc11bf8d831ff6a18e01e05acd01f02c69b472N

    • Size

      104KB

    • MD5

      fb1f18f26371d11218d81ab5e08bb450

    • SHA1

      d8bcaf819a066e76deb9f0ea7bb5e2dd08a7bf29

    • SHA256

      933f7700c69a6d7ca5cb82b107dc11bf8d831ff6a18e01e05acd01f02c69b472

    • SHA512

      30c9e833efdc7f2947ace20bf00a17d43d4b7f20dbd3e271a94ef0a357f96bb2d98fd83e0f95e188eca2336d3773dfc839b573c7b6a20d19abb3e87efd918c24

    • SSDEEP

      3072:GMJp9ki/OS1GGRPaOXgm1d25Pe5bx7cEGrhkngpDvchkqbAIQS:GMJpGlS4WNum5bx4brq2Ahn

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks