Overview

overview

10

Static

static

3

dc6c1639f8...4e.exe

windows7-x64

10

dc6c1639f8...4e.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    dc6c1639f8016c18c406ec6857d7f75f8883666c68ce6786bb45d7d51399104e

  • Size

    384KB

  • Sample

    241010-csf7naveje

  • MD5

    c2fa4a5c82db073156d584558c6c7ccf

  • SHA1

    47a4377657ba9cdc122e1c89585d7cc21b43d3d3

  • SHA256

    dc6c1639f8016c18c406ec6857d7f75f8883666c68ce6786bb45d7d51399104e

  • SHA512

    ab87ed89dc13cbe7534f1578d20f34bea1c4aee0420e5c240dd1a223f899c8398d355f47fb5a6544b325e8b9e7c609bb59de60a981a9d686d1ae35681e53c475

  • SSDEEP

    6144:rD+RoByGSUvpui6yYPaIGckpyWO63t5YNpui6yYPaIGcky0PVd68LwYwI+8mkUra:XnTpV6yYPI3cpV6yYPZ0PVdvcY9+8hka

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      dc6c1639f8016c18c406ec6857d7f75f8883666c68ce6786bb45d7d51399104e

    • Size

      384KB

    • MD5

      c2fa4a5c82db073156d584558c6c7ccf

    • SHA1

      47a4377657ba9cdc122e1c89585d7cc21b43d3d3

    • SHA256

      dc6c1639f8016c18c406ec6857d7f75f8883666c68ce6786bb45d7d51399104e

    • SHA512

      ab87ed89dc13cbe7534f1578d20f34bea1c4aee0420e5c240dd1a223f899c8398d355f47fb5a6544b325e8b9e7c609bb59de60a981a9d686d1ae35681e53c475

    • SSDEEP

      6144:rD+RoByGSUvpui6yYPaIGckpyWO63t5YNpui6yYPaIGcky0PVd68LwYwI+8mkUra:XnTpV6yYPI3cpV6yYPZ0PVdvcY9+8hka

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks