Overview

overview

10

Static

static

3

99dc3dbd30...14.exe

windows7-x64

10

99dc3dbd30...14.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    99dc3dbd30fbdfb3a7aec8240adcbf58c046620460377e845d06e3909f24be14.exe

  • Size

    368KB

  • Sample

    241119-qj2znawmdt

  • MD5

    44192ac41a4a5ea53c5d6c4680162ca9

  • SHA1

    725bf3973c136c5700811e7d78942ccf242d2dbf

  • SHA256

    99dc3dbd30fbdfb3a7aec8240adcbf58c046620460377e845d06e3909f24be14

  • SHA512

    0dcaf57f587be937505545ea3742fdb4eca9edb0793960282280f4aae3cd3ec95d860702e2ff1915047578f6f8ad233b30e941ff435e10f0d1e39a4ba4b9bb32

  • SSDEEP

    6144:wJJs4b3NlTjZXvEQo9dfJBEdKFckUQ/4TIHD4xutM3VOEIuV5t6R+0I/VzogZi:wJJs4HT9XvEhdfJkKSkU3kHyuaRB5t6j

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      99dc3dbd30fbdfb3a7aec8240adcbf58c046620460377e845d06e3909f24be14.exe

    • Size

      368KB

    • MD5

      44192ac41a4a5ea53c5d6c4680162ca9

    • SHA1

      725bf3973c136c5700811e7d78942ccf242d2dbf

    • SHA256

      99dc3dbd30fbdfb3a7aec8240adcbf58c046620460377e845d06e3909f24be14

    • SHA512

      0dcaf57f587be937505545ea3742fdb4eca9edb0793960282280f4aae3cd3ec95d860702e2ff1915047578f6f8ad233b30e941ff435e10f0d1e39a4ba4b9bb32

    • SSDEEP

      6144:wJJs4b3NlTjZXvEQo9dfJBEdKFckUQ/4TIHD4xutM3VOEIuV5t6R+0I/VzogZi:wJJs4HT9XvEhdfJkKSkU3kHyuaRB5t6j

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks