Overview

overview

10

Static

static

3

b845239f88...2N.exe

windows7-x64

10

b845239f88...2N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b845239f8874892426ac82b7b2183e51e20148344a76efbdd0f8c1aad2fc31f2N.exe

  • Size

    104KB

  • Sample

    241120-f65nyssgjp

  • MD5

    d4db44c2a4eb5be5ff2afcd957f05960

  • SHA1

    30f13d2af5aa6f780519993348c8d34789102b41

  • SHA256

    b845239f8874892426ac82b7b2183e51e20148344a76efbdd0f8c1aad2fc31f2

  • SHA512

    02c758ac8f5c417589876d09fc490cec2f0389e62785208e52984f69e28f32cc23068277aab91d43f3f2f47a6c53dd2de0e69d6e8abbd33d6d265eac16cd567e

  • SSDEEP

    3072:bom21boiQQmqV/no4SBXe54x7cEGrhkngpDvchkqbAIQ:Q13QQmqSQ54x4brq2Ah

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b845239f8874892426ac82b7b2183e51e20148344a76efbdd0f8c1aad2fc31f2N.exe

    • Size

      104KB

    • MD5

      d4db44c2a4eb5be5ff2afcd957f05960

    • SHA1

      30f13d2af5aa6f780519993348c8d34789102b41

    • SHA256

      b845239f8874892426ac82b7b2183e51e20148344a76efbdd0f8c1aad2fc31f2

    • SHA512

      02c758ac8f5c417589876d09fc490cec2f0389e62785208e52984f69e28f32cc23068277aab91d43f3f2f47a6c53dd2de0e69d6e8abbd33d6d265eac16cd567e

    • SSDEEP

      3072:bom21boiQQmqV/no4SBXe54x7cEGrhkngpDvchkqbAIQ:Q13QQmqSQ54x4brq2Ah

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks