Overview

overview

10

Static

static

3

b22aae1987...ce.exe

windows7-x64

10

b22aae1987...ce.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b22aae1987873fdd5361d7805f67812f940b08fb1d56bfda2024998e0841e4ce

  • Size

    89KB

  • Sample

    241120-c5ppkazbkp

  • MD5

    ca7aec4b3b37d474e49af0f4b8e98711

  • SHA1

    72e4509691c87b40b06311c4d2cb567974dcc969

  • SHA256

    b22aae1987873fdd5361d7805f67812f940b08fb1d56bfda2024998e0841e4ce

  • SHA512

    e9ba42eaf6cb409c1e19eb56172c56c22b7c0d18fd3ed11ca9436a13f9f59e8b56febf76bc56482ee1c644ef568e0f19504d77db9ee390efa0fdbd88f7de150c

  • SSDEEP

    1536:7AoSHgBFHI0zbzidIYvhRs9wLsEG8ik8RQmD68a+VMKKTRVGFtUhQfR1WRaROR8V:7cR0/zkvhRs9ysdhePr4MKy3G7UEqMMO

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b22aae1987873fdd5361d7805f67812f940b08fb1d56bfda2024998e0841e4ce

    • Size

      89KB

    • MD5

      ca7aec4b3b37d474e49af0f4b8e98711

    • SHA1

      72e4509691c87b40b06311c4d2cb567974dcc969

    • SHA256

      b22aae1987873fdd5361d7805f67812f940b08fb1d56bfda2024998e0841e4ce

    • SHA512

      e9ba42eaf6cb409c1e19eb56172c56c22b7c0d18fd3ed11ca9436a13f9f59e8b56febf76bc56482ee1c644ef568e0f19504d77db9ee390efa0fdbd88f7de150c

    • SSDEEP

      1536:7AoSHgBFHI0zbzidIYvhRs9wLsEG8ik8RQmD68a+VMKKTRVGFtUhQfR1WRaROR8V:7cR0/zkvhRs9ysdhePr4MKy3G7UEqMMO

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks