Overview

overview

10

Static

static

3

ef278af3b7...4N.exe

windows7-x64

10

ef278af3b7...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef278af3b7621aa1c8ad6120a04dff8f537674cae46bf45e412c7e4c367f2144N

  • Size

    71KB

  • Sample

    241009-pk7e4ayepb

  • MD5

    9befed82f26f9c67c1cf1cba3a08b350

  • SHA1

    4a5a74bb6181016aba3c2d591971b2ac46cb457d

  • SHA256

    ef278af3b7621aa1c8ad6120a04dff8f537674cae46bf45e412c7e4c367f2144

  • SHA512

    3fb7f7e3decd3a6c075f09a28da41e4ff0752ade3ab46951cf0a58c7a82cf11bf22faf4f6933ca767f215e6d93d58db3ea1daaab0dc6fc42ddd982257ce95047

  • SSDEEP

    1536:d1Fi8TK8kaBL8CPmZjArCd0PzzRQTK1P+ATT:djRTgaBL9prCGPfe+P+A3

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ef278af3b7621aa1c8ad6120a04dff8f537674cae46bf45e412c7e4c367f2144N

    • Size

      71KB

    • MD5

      9befed82f26f9c67c1cf1cba3a08b350

    • SHA1

      4a5a74bb6181016aba3c2d591971b2ac46cb457d

    • SHA256

      ef278af3b7621aa1c8ad6120a04dff8f537674cae46bf45e412c7e4c367f2144

    • SHA512

      3fb7f7e3decd3a6c075f09a28da41e4ff0752ade3ab46951cf0a58c7a82cf11bf22faf4f6933ca767f215e6d93d58db3ea1daaab0dc6fc42ddd982257ce95047

    • SSDEEP

      1536:d1Fi8TK8kaBL8CPmZjArCd0PzzRQTK1P+ATT:djRTgaBL9prCGPfe+P+A3

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks