Overview

overview

10

Static

static

3

4c9c4d00d4...1N.exe

windows7-x64

10

4c9c4d00d4...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c9c4d00d47515b9a8caab0d3d5746e068a0534d146c7ba43ff46a23782fcef1N

  • Size

    529KB

  • Sample

    241012-wqbzpsyakk

  • MD5

    bb58f7ab80dbdb00f14490dfded43a00

  • SHA1

    305ad1079daec0100d98b677c6a4737f4a4ef1c1

  • SHA256

    4c9c4d00d47515b9a8caab0d3d5746e068a0534d146c7ba43ff46a23782fcef1

  • SHA512

    e41cdbdf3051f0b3102f730430079a46c2ab02aa6067743dfb1e437bf1db047246bc45f7212391835b74203e165e7d9700e5d7581a4238b5efb7b215136e719c

  • SSDEEP

    12288:CU89f4SSpV6yYPoBVgsPpV6yYPlWEVA9pV6yYPoBVgsPpV6yYPo:CU1WSPW7A9WSPWo

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4c9c4d00d47515b9a8caab0d3d5746e068a0534d146c7ba43ff46a23782fcef1N

    • Size

      529KB

    • MD5

      bb58f7ab80dbdb00f14490dfded43a00

    • SHA1

      305ad1079daec0100d98b677c6a4737f4a4ef1c1

    • SHA256

      4c9c4d00d47515b9a8caab0d3d5746e068a0534d146c7ba43ff46a23782fcef1

    • SHA512

      e41cdbdf3051f0b3102f730430079a46c2ab02aa6067743dfb1e437bf1db047246bc45f7212391835b74203e165e7d9700e5d7581a4238b5efb7b215136e719c

    • SSDEEP

      12288:CU89f4SSpV6yYPoBVgsPpV6yYPlWEVA9pV6yYPoBVgsPpV6yYPo:CU1WSPW7A9WSPWo

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks