Overview

overview

10

Static

static

3

cf81de8903...dN.exe

windows7-x64

10

cf81de8903...dN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    cf81de89037e90a35e9b2229bb21e05f00f7ba218bcacaed999a62ba63675b5dN

  • Size

    896KB

  • Sample

    241012-mf7tyswbjd

  • MD5

    fe632260e8956573ae2d3bb618df6d70

  • SHA1

    5b75614002a85866ce9acef7066690feda6345aa

  • SHA256

    cf81de89037e90a35e9b2229bb21e05f00f7ba218bcacaed999a62ba63675b5d

  • SHA512

    aa2f6a76827bc5c3a252e3c45881e1709943fb8be059455d95862328f9564f00e925d77a2535552a5c0c8dfa8c192f5a87480cee296d27a141819e547850a8f1

  • SSDEEP

    12288:3+DByvNv54B9f01ZmHByvNv5VwLonfBHLqF1Nw5ILonfByvNv5HV:3nvr4B9f01ZmQvrUENOVvr1

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      cf81de89037e90a35e9b2229bb21e05f00f7ba218bcacaed999a62ba63675b5dN

    • Size

      896KB

    • MD5

      fe632260e8956573ae2d3bb618df6d70

    • SHA1

      5b75614002a85866ce9acef7066690feda6345aa

    • SHA256

      cf81de89037e90a35e9b2229bb21e05f00f7ba218bcacaed999a62ba63675b5d

    • SHA512

      aa2f6a76827bc5c3a252e3c45881e1709943fb8be059455d95862328f9564f00e925d77a2535552a5c0c8dfa8c192f5a87480cee296d27a141819e547850a8f1

    • SSDEEP

      12288:3+DByvNv54B9f01ZmHByvNv5VwLonfBHLqF1Nw5ILonfByvNv5HV:3nvr4B9f01ZmQvrUENOVvr1

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks