Overview

overview

10

Static

static

3

80a5fdddaa...9N.exe

windows7-x64

10

80a5fdddaa...9N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    80a5fdddaa4c8385a7d0ed5b1fea0ab23c6d0e69df74b4317582ebdb9970dbe9N

  • Size

    111KB

  • Sample

    241013-styfbsxhlj

  • MD5

    ddce45ad4ed40fbbf1c2c460d8365540

  • SHA1

    38640a040ed777dc3c8b72802b93ed2d3091bc38

  • SHA256

    80a5fdddaa4c8385a7d0ed5b1fea0ab23c6d0e69df74b4317582ebdb9970dbe9

  • SHA512

    e5e295c0cd49a54be7aa48630177f5274f2718d5495a9691e14a61ee11fa729e43edbebcced33547734bd6664f6bb4c8555add489fe69ef42bc8f822a8340ee7

  • SSDEEP

    3072:L1IFk61tQFdVNeWw0v0wnJcefSXQHPTTAkvB5Ddj:ZI5CFkctnJfKXqPTX7DB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      80a5fdddaa4c8385a7d0ed5b1fea0ab23c6d0e69df74b4317582ebdb9970dbe9N

    • Size

      111KB

    • MD5

      ddce45ad4ed40fbbf1c2c460d8365540

    • SHA1

      38640a040ed777dc3c8b72802b93ed2d3091bc38

    • SHA256

      80a5fdddaa4c8385a7d0ed5b1fea0ab23c6d0e69df74b4317582ebdb9970dbe9

    • SHA512

      e5e295c0cd49a54be7aa48630177f5274f2718d5495a9691e14a61ee11fa729e43edbebcced33547734bd6664f6bb4c8555add489fe69ef42bc8f822a8340ee7

    • SSDEEP

      3072:L1IFk61tQFdVNeWw0v0wnJcefSXQHPTTAkvB5Ddj:ZI5CFkctnJfKXqPTX7DB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks