Overview

overview

10

Static

static

3

bf914a9566...5c.exe

windows7-x64

10

bf914a9566...5c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf914a95664d1ec0c777ea18bfdcc4983938430744e6962be5a081ad8f06645c

  • Size

    89KB

  • Sample

    241120-dslb2szjcv

  • MD5

    64d66246bfdbc8bd2c602c11d1726479

  • SHA1

    469bddca55679ca6b3c2242dc5134f5d4a32729c

  • SHA256

    bf914a95664d1ec0c777ea18bfdcc4983938430744e6962be5a081ad8f06645c

  • SHA512

    1f4b910ae0a3e8e1bad5a42a2a9caa335f27dd6c8cb69c650e299723a799cca8448f0317ea5ab32c469b0f08c05806fca62ea3096f8f8233e2025af2bfdf09f4

  • SSDEEP

    1536:QGaUqv52qg1BDi8V0OlsUdS6h8tBSIa2OTjmk7dsjHvjPQnKc0LnRQJxD68a+VM8:QGZqvupi81seS88eIa2OTjmesjHsUeWm

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      bf914a95664d1ec0c777ea18bfdcc4983938430744e6962be5a081ad8f06645c

    • Size

      89KB

    • MD5

      64d66246bfdbc8bd2c602c11d1726479

    • SHA1

      469bddca55679ca6b3c2242dc5134f5d4a32729c

    • SHA256

      bf914a95664d1ec0c777ea18bfdcc4983938430744e6962be5a081ad8f06645c

    • SHA512

      1f4b910ae0a3e8e1bad5a42a2a9caa335f27dd6c8cb69c650e299723a799cca8448f0317ea5ab32c469b0f08c05806fca62ea3096f8f8233e2025af2bfdf09f4

    • SSDEEP

      1536:QGaUqv52qg1BDi8V0OlsUdS6h8tBSIa2OTjmk7dsjHvjPQnKc0LnRQJxD68a+VM8:QGZqvupi81seS88eIa2OTjmesjHsUeWm

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks