Overview

overview

10

Static

static

3

ad7bf3d2d4...5N.exe

windows7-x64

10

ad7bf3d2d4...5N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ad7bf3d2d4563c0ad413ebf237c363983bf03530646fe2761e506dba18933105N

  • Size

    71KB

  • Sample

    241012-mc25aszern

  • MD5

    832088bf9c39ec451d7adf57b4dbeed0

  • SHA1

    ce582885408763ff434408efd0e31b1dfa011f33

  • SHA256

    ad7bf3d2d4563c0ad413ebf237c363983bf03530646fe2761e506dba18933105

  • SHA512

    2c3eb69dae5ec735f13518fb6fe79f9480b5fc7cdd4c7f66cfb37d78f7aee4ffbc864f566dea06223154890a433c9131ad3c2162699b5b8918591f92812380a5

  • SSDEEP

    1536:c6ljIgUiUETkRuLMb5a01OXadtQLYRQkDbEyRCRRRoR4Rk:c6ljtUivTU15tQEeiEy032ya

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ad7bf3d2d4563c0ad413ebf237c363983bf03530646fe2761e506dba18933105N

    • Size

      71KB

    • MD5

      832088bf9c39ec451d7adf57b4dbeed0

    • SHA1

      ce582885408763ff434408efd0e31b1dfa011f33

    • SHA256

      ad7bf3d2d4563c0ad413ebf237c363983bf03530646fe2761e506dba18933105

    • SHA512

      2c3eb69dae5ec735f13518fb6fe79f9480b5fc7cdd4c7f66cfb37d78f7aee4ffbc864f566dea06223154890a433c9131ad3c2162699b5b8918591f92812380a5

    • SSDEEP

      1536:c6ljIgUiUETkRuLMb5a01OXadtQLYRQkDbEyRCRRRoR4Rk:c6ljtUivTU15tQEeiEy032ya

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks