berbew | e96aaf916a525158ec1d33141c3c138efa1cd21a4b1821b8b5fab42681e02f17 | Triage

Submit
Reports

Overview

overview

Static

static

3

e96aaf916a...7N.exe

windows7-x64

e96aaf916a...7N.exe

windows10-2004-x64

Resubmissions

26-10-2024 07:33

241026-jdn3aa1hme 10

26-10-2024 06:50

241026-hmb9easelk 10

Sharing

General

Target

e96aaf916a525158ec1d33141c3c138efa1cd21a4b1821b8b5fab42681e02f17N
Size

397KB
Sample

241026-jdn3aa1hme
MD5

dd109acf062351007336d2ff5173d960
SHA1

f2991dbea0e6e7ff0e272bb8f54f971365e0dafe
SHA256

e96aaf916a525158ec1d33141c3c138efa1cd21a4b1821b8b5fab42681e02f17
SHA512

ca42a64b4838c36600b0f2ffdae57e731fa8be58cce2e8a95d50ae3285bc8680c0586e6eb1d0ef927a4b684db4bf13406177d5be0a5eba01245bb6e88222a386
SSDEEP

6144:rVFahK2hJaPFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:/WAFB24lwR45FB24lzx1skz15L

Score

10^/10

berbew infinitylock backdoor discovery persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e96aaf916a525158ec1d33141c3c138efa1cd21a4b1821b8b5fab42681e02f17N.exe

Resource

win7-20240903-en

berbew backdoor discovery persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e96aaf916a525158ec1d33141c3c138efa1cd21a4b1821b8b5fab42681e02f17N.exe

Resource

win10v2004-20241007-en

berbew infinitylock backdoor discovery persistence ransomware

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

- Target
  
  e96aaf916a525158ec1d33141c3c138efa1cd21a4b1821b8b5fab42681e02f17N
- Size
  
  397KB
- MD5
  
  dd109acf062351007336d2ff5173d960
- SHA1
  
  f2991dbea0e6e7ff0e272bb8f54f971365e0dafe
- SHA256
  
  e96aaf916a525158ec1d33141c3c138efa1cd21a4b1821b8b5fab42681e02f17
- SHA512
  
  ca42a64b4838c36600b0f2ffdae57e731fa8be58cce2e8a95d50ae3285bc8680c0586e6eb1d0ef927a4b684db4bf13406177d5be0a5eba01245bb6e88222a386
- SSDEEP
  
  6144:rVFahK2hJaPFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:/WAFB24lwR45FB24lzx1skz15L
Score

10^/10

berbew backdoor discovery persistence infinitylock ransomware
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- InfinityLock Ransomware
  Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
  ransomware infinitylock
- Infinitylock family
  infinitylock
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence

behavioral2

berbewinfinitylockbackdoordiscoverypersistenceransomware

© 2018-2024

Terms | Privacy