Overview

overview

10

Static

static

3

b0f22d727a...75.exe

windows7-x64

10

b0f22d727a...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0f22d727ae3d7b5aa46c5fcd27126a55cd62bb5690cbe94e389f4d89b48c275

  • Size

    269KB

  • Sample

    241018-cg1rxstarj

  • MD5

    07d1783a62ecf44081174cd4ebc815b0

  • SHA1

    e2f1b8f40b6c34d81657f26fe5a5e763a78af1ea

  • SHA256

    b0f22d727ae3d7b5aa46c5fcd27126a55cd62bb5690cbe94e389f4d89b48c275

  • SHA512

    dc60feab7244a1809e901fb5fb19472f112f5d8fa842ec8e0e916e3954417a429d1ce622bac8193661db6a2f468a01db0360f2a976212c4603dcd5a959ec1eaa

  • SSDEEP

    6144:MvxKGXjsDX4EYtCwGtMtkiXOoloMr1JeSldqP7+x55Kmj50GXoCcmASBTw2AXC26:MvxKGXpChtMtkM71r1MSXqPix55KI5fh

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b0f22d727ae3d7b5aa46c5fcd27126a55cd62bb5690cbe94e389f4d89b48c275

    • Size

      269KB

    • MD5

      07d1783a62ecf44081174cd4ebc815b0

    • SHA1

      e2f1b8f40b6c34d81657f26fe5a5e763a78af1ea

    • SHA256

      b0f22d727ae3d7b5aa46c5fcd27126a55cd62bb5690cbe94e389f4d89b48c275

    • SHA512

      dc60feab7244a1809e901fb5fb19472f112f5d8fa842ec8e0e916e3954417a429d1ce622bac8193661db6a2f468a01db0360f2a976212c4603dcd5a959ec1eaa

    • SSDEEP

      6144:MvxKGXjsDX4EYtCwGtMtkiXOoloMr1JeSldqP7+x55Kmj50GXoCcmASBTw2AXC26:MvxKGXpChtMtkM71r1MSXqPix55KI5fh

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks