Overview

overview

10

Static

static

3

efdfa5857a...2a.exe

windows7-x64

10

efdfa5857a...2a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    efdfa5857a74166812d607821cf3987347c8f17b5dce3d6ee81629fa6a573c2a.exe

  • Size

    89KB

  • Sample

    241119-m49cpazmeq

  • MD5

    7811c249fb300ba137f6b6e1e21c6a27

  • SHA1

    159454a931fc37b88de85ea512cbe30089556fcb

  • SHA256

    efdfa5857a74166812d607821cf3987347c8f17b5dce3d6ee81629fa6a573c2a

  • SHA512

    7077db4c3cbb01566d1458e0dd4f99625f990da6b95ca79a59f3f0982709c7e5b54772a2043e3ac3453526b2eb2bce8b48090f1df01fdbfd9835d834bf10269a

  • SSDEEP

    1536:mY4ZFnNsct9vBoV97+HQSeXqS5SRQjD68a+VMKKTRVGFtUhQfR1WRaROR8RN:mYaX3u+8XjSeir4MKy3G7UEqMM6v

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      efdfa5857a74166812d607821cf3987347c8f17b5dce3d6ee81629fa6a573c2a.exe

    • Size

      89KB

    • MD5

      7811c249fb300ba137f6b6e1e21c6a27

    • SHA1

      159454a931fc37b88de85ea512cbe30089556fcb

    • SHA256

      efdfa5857a74166812d607821cf3987347c8f17b5dce3d6ee81629fa6a573c2a

    • SHA512

      7077db4c3cbb01566d1458e0dd4f99625f990da6b95ca79a59f3f0982709c7e5b54772a2043e3ac3453526b2eb2bce8b48090f1df01fdbfd9835d834bf10269a

    • SSDEEP

      1536:mY4ZFnNsct9vBoV97+HQSeXqS5SRQjD68a+VMKKTRVGFtUhQfR1WRaROR8RN:mYaX3u+8XjSeir4MKy3G7UEqMM6v

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks