Overview

overview

10

Static

static

3

ce5dff3160...cb.exe

windows7-x64

10

ce5dff3160...cb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce5dff316086f16b30c865ce3211ff9032073bf8af92d1cf5dfb02b4b5d366cb.exe

  • Size

    87KB

  • Sample

    241119-xhwjta1cjj

  • MD5

    a9231a40361b85758208946156a9731e

  • SHA1

    c3dac4387d33440294e1c536003e158808212129

  • SHA256

    ce5dff316086f16b30c865ce3211ff9032073bf8af92d1cf5dfb02b4b5d366cb

  • SHA512

    33cb4a89594ddd30e5d8179e7df29a564ccad11442b7488bd0b0122c878f2cf59d55dd16501262fbaf3256711d14091bb3fe8b3926395d3b501f1b90220d7f2a

  • SSDEEP

    1536:U4FHzSeE2J3hHnUBy3lR3fl9fmtekGQ3OL8JjPMWi/HuaGxkRQ4ZRSRBDNrR0RVh:RFHlE031nUkTP+tekGGPMW2HuaGxkeAt

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ce5dff316086f16b30c865ce3211ff9032073bf8af92d1cf5dfb02b4b5d366cb.exe

    • Size

      87KB

    • MD5

      a9231a40361b85758208946156a9731e

    • SHA1

      c3dac4387d33440294e1c536003e158808212129

    • SHA256

      ce5dff316086f16b30c865ce3211ff9032073bf8af92d1cf5dfb02b4b5d366cb

    • SHA512

      33cb4a89594ddd30e5d8179e7df29a564ccad11442b7488bd0b0122c878f2cf59d55dd16501262fbaf3256711d14091bb3fe8b3926395d3b501f1b90220d7f2a

    • SSDEEP

      1536:U4FHzSeE2J3hHnUBy3lR3fl9fmtekGQ3OL8JjPMWi/HuaGxkRQ4ZRSRBDNrR0RVh:RFHlE031nUkTP+tekGGPMW2HuaGxkeAt

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks