Overview

overview

10

Static

static

3

ae45203b53...0N.exe

windows7-x64

10

ae45203b53...0N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ae45203b5300b588b65b2f48e6a8a4b9dc6aaec5932b2848b40900e4f1e04990N

  • Size

    71KB

  • Sample

    241009-pqdpzavarm

  • MD5

    d9097f0680af2f555ffe7fd5e6341730

  • SHA1

    5cfabd78900e78fada81cf001c21db178a0a9953

  • SHA256

    ae45203b5300b588b65b2f48e6a8a4b9dc6aaec5932b2848b40900e4f1e04990

  • SHA512

    146be5d69565aa32d4e33387c53a1fff8ed5d800938203011afbb4540f2e7b88f7cbbb9cf4c090e2e29983833627edfb681fe3b477b7d135ff8c9aafa5510041

  • SSDEEP

    1536:9ucbzS7UTVMMqeRLj7WCF+4A0rNyR6q+RQimDbEyRCRRRoR4Rk:Eca7j3EaiJN9elEy032ya

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ae45203b5300b588b65b2f48e6a8a4b9dc6aaec5932b2848b40900e4f1e04990N

    • Size

      71KB

    • MD5

      d9097f0680af2f555ffe7fd5e6341730

    • SHA1

      5cfabd78900e78fada81cf001c21db178a0a9953

    • SHA256

      ae45203b5300b588b65b2f48e6a8a4b9dc6aaec5932b2848b40900e4f1e04990

    • SHA512

      146be5d69565aa32d4e33387c53a1fff8ed5d800938203011afbb4540f2e7b88f7cbbb9cf4c090e2e29983833627edfb681fe3b477b7d135ff8c9aafa5510041

    • SSDEEP

      1536:9ucbzS7UTVMMqeRLj7WCF+4A0rNyR6q+RQimDbEyRCRRRoR4Rk:Eca7j3EaiJN9elEy032ya

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks