Overview

overview

10

Static

static

3

d01b454090...ff.exe

windows7-x64

10

d01b454090...ff.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d01b454090ca9ae92ee74215ca4ad23269baa062d77ec1bc80befcc9239642ff.exe

  • Size

    71KB

  • Sample

    241119-tzwdlaybkg

  • MD5

    e60aabfa47960f3a9824c36898bf86e9

  • SHA1

    56b8f9381d69d0610e6d80c814bb843ae6082352

  • SHA256

    d01b454090ca9ae92ee74215ca4ad23269baa062d77ec1bc80befcc9239642ff

  • SHA512

    f512a22b4991f0d61cb8f9c610de7afde947d853966640dfd02f7bf1f099ab5b6e12fd0a5213fe6f7c3db553e590c80d9425dfe7dea79199120af115d5d97f22

  • SSDEEP

    1536:LKGlJy20U/QaMLGxNdffPWk6iTniTBzLTpRQcK1P+ATTh:mGa2ZNMKjFNaTRpePP+A3h

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d01b454090ca9ae92ee74215ca4ad23269baa062d77ec1bc80befcc9239642ff.exe

    • Size

      71KB

    • MD5

      e60aabfa47960f3a9824c36898bf86e9

    • SHA1

      56b8f9381d69d0610e6d80c814bb843ae6082352

    • SHA256

      d01b454090ca9ae92ee74215ca4ad23269baa062d77ec1bc80befcc9239642ff

    • SHA512

      f512a22b4991f0d61cb8f9c610de7afde947d853966640dfd02f7bf1f099ab5b6e12fd0a5213fe6f7c3db553e590c80d9425dfe7dea79199120af115d5d97f22

    • SSDEEP

      1536:LKGlJy20U/QaMLGxNdffPWk6iTniTBzLTpRQcK1P+ATTh:mGa2ZNMKjFNaTRpePP+A3h

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks