Overview

overview

10

Static

static

3

e666e6ee43...dN.exe

windows7-x64

10

e666e6ee43...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e666e6ee43e4275e1a1906c59cfb35867893bcb5cd15baa8148902e05e14b63dN.exe

  • Size

    92KB

  • Sample

    241119-ts3jbssrej

  • MD5

    c128ff2795484cac53bef73e4efc69a0

  • SHA1

    e01196b50cfc4d41d2a464316380228792a1009f

  • SHA256

    e666e6ee43e4275e1a1906c59cfb35867893bcb5cd15baa8148902e05e14b63d

  • SHA512

    08fd7fd8d07b4bcd7189be3b94cd446d8abff60b73abb072ab4d056ca5d65570460e4c0bf023a92ca07a68028fc72d73982fa6cd10e3ed23bec88e18eec5aede

  • SSDEEP

    1536:7ji+Xujf6+fc/wOH7V8adrd0eGnOhRQAeBRJJ5R2xOSC4Bus3cO57OWxXPu4s:1mfc/wSi+HhebBrJ5wxO34d9puX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e666e6ee43e4275e1a1906c59cfb35867893bcb5cd15baa8148902e05e14b63dN.exe

    • Size

      92KB

    • MD5

      c128ff2795484cac53bef73e4efc69a0

    • SHA1

      e01196b50cfc4d41d2a464316380228792a1009f

    • SHA256

      e666e6ee43e4275e1a1906c59cfb35867893bcb5cd15baa8148902e05e14b63d

    • SHA512

      08fd7fd8d07b4bcd7189be3b94cd446d8abff60b73abb072ab4d056ca5d65570460e4c0bf023a92ca07a68028fc72d73982fa6cd10e3ed23bec88e18eec5aede

    • SSDEEP

      1536:7ji+Xujf6+fc/wOH7V8adrd0eGnOhRQAeBRJJ5R2xOSC4Bus3cO57OWxXPu4s:1mfc/wSi+HhebBrJ5wxO34d9puX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks