Overview

overview

10

Static

static

3

26f7066a3b...e8.exe

windows7-x64

10

26f7066a3b...e8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26f7066a3b95ae7d1b91f990b9667b48cec38042fe6099fb9a7fd24981938ae8.exe

  • Size

    128KB

  • Sample

    241120-f3p44a1rd1

  • MD5

    2e45549ffdcb0a1c720d14d07460f327

  • SHA1

    4ed32b6b47ae4fbfd8b67e34b1cb1b749fa9d633

  • SHA256

    26f7066a3b95ae7d1b91f990b9667b48cec38042fe6099fb9a7fd24981938ae8

  • SHA512

    f04ce1419ef0f5f9536e4d732425480635471c93ba678fb354e43b73dfecbabb708c9f1239e36750f07e1c5ed00ccf6d6fccb32dc5fc7cc945f1e32643222695

  • SSDEEP

    3072:i56D1eW3W0Hj12m1NOcOtutAfeSlj9pui6yYPaI7DehizrVtNB:i56D13VD1xkY+2Opui6yYPaIGcr

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      26f7066a3b95ae7d1b91f990b9667b48cec38042fe6099fb9a7fd24981938ae8.exe

    • Size

      128KB

    • MD5

      2e45549ffdcb0a1c720d14d07460f327

    • SHA1

      4ed32b6b47ae4fbfd8b67e34b1cb1b749fa9d633

    • SHA256

      26f7066a3b95ae7d1b91f990b9667b48cec38042fe6099fb9a7fd24981938ae8

    • SHA512

      f04ce1419ef0f5f9536e4d732425480635471c93ba678fb354e43b73dfecbabb708c9f1239e36750f07e1c5ed00ccf6d6fccb32dc5fc7cc945f1e32643222695

    • SSDEEP

      3072:i56D1eW3W0Hj12m1NOcOtutAfeSlj9pui6yYPaI7DehizrVtNB:i56D13VD1xkY+2Opui6yYPaIGcr

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks