berbew | 9cda592f065c927c55c189748afe040b0467a2f649e0380b0d732f53576ac25b | Triage

Sharing

General

Target

9cda592f065c927c55c189748afe040b0467a2f649e0380b0d732f53576ac25b
Size

59KB
Sample

241101-vem26avjcm
MD5

ba8ecc51e3be15dd6bed63435c45f298
SHA1

946c14d3eec6ecad78fa7b20bb0d9806e3d1572e
SHA256

9cda592f065c927c55c189748afe040b0467a2f649e0380b0d732f53576ac25b
SHA512

668c93535c44d374017ef2555dc8e74ced515eaf899e28df773175cbf6824869a573517d55e0b9974468e369bb5522c27bda1a3947ec42b2c09094534ee6aea4
SSDEEP

1536:ey7o07wEDHJuyHLR0FuKktQ9FWVYpZb9NNCyVso:JojMpuyHLR0s7EFdoeso

Score

10^/10

berbew backdoor discovery persistence

Malware Config

Targets

- Target
  
  9cda592f065c927c55c189748afe040b0467a2f649e0380b0d732f53576ac25b
- Size
  
  59KB
- MD5
  
  ba8ecc51e3be15dd6bed63435c45f298
- SHA1
  
  946c14d3eec6ecad78fa7b20bb0d9806e3d1572e
- SHA256
  
  9cda592f065c927c55c189748afe040b0467a2f649e0380b0d732f53576ac25b
- SHA512
  
  668c93535c44d374017ef2555dc8e74ced515eaf899e28df773175cbf6824869a573517d55e0b9974468e369bb5522c27bda1a3947ec42b2c09094534ee6aea4
- SSDEEP
  
  1536:ey7o07wEDHJuyHLR0FuKktQ9FWVYpZb9NNCyVso:JojMpuyHLR0s7EFdoeso
Score

10^/10

berbew backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence

behavioral2

berbewbackdoordiscoverypersistence