Overview

overview

10

Static

static

10

ea5cc5c912...91.exe

windows7-x64

10

ea5cc5c912...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea5cc5c9121734e9256aab1b5ad9c6dab6d39fb72883929ef81725ed8c9f7d91

  • Size

    128KB

  • Sample

    241120-fw89ds1qdt

  • MD5

    ac8e98602115232da25f2b4b2a68198f

  • SHA1

    d78635c2ef9af455f1459e717fc1c7dd162d1d2e

  • SHA256

    ea5cc5c9121734e9256aab1b5ad9c6dab6d39fb72883929ef81725ed8c9f7d91

  • SHA512

    e26134bf29f0d8f9976107db7352adb1a51353480825bddca97b9d40b3cf19f34e980afa99295d8783cc6b244cfe402d7dcee84e2eeb1ab0bcb0962904f54756

  • SSDEEP

    1536:yXgNZd55WsOoDxKFevQUOgyxWegiw7RQDSdRfRa9HprmRfRJCLIXG:yc55/Oo9KGQwegiyeDSd5wkpHxG

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ea5cc5c9121734e9256aab1b5ad9c6dab6d39fb72883929ef81725ed8c9f7d91

    • Size

      128KB

    • MD5

      ac8e98602115232da25f2b4b2a68198f

    • SHA1

      d78635c2ef9af455f1459e717fc1c7dd162d1d2e

    • SHA256

      ea5cc5c9121734e9256aab1b5ad9c6dab6d39fb72883929ef81725ed8c9f7d91

    • SHA512

      e26134bf29f0d8f9976107db7352adb1a51353480825bddca97b9d40b3cf19f34e980afa99295d8783cc6b244cfe402d7dcee84e2eeb1ab0bcb0962904f54756

    • SSDEEP

      1536:yXgNZd55WsOoDxKFevQUOgyxWegiw7RQDSdRfRa9HprmRfRJCLIXG:yc55/Oo9KGQwegiyeDSd5wkpHxG

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks