Overview

overview

10

Static

static

3

f8b5d4183a...c1.exe

windows7-x64

10

f8b5d4183a...c1.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f8b5d4183afe5e0ea917b54026cb4ee8d9469bdc509335c1972922bae70762c1

  • Size

    384KB

  • Sample

    241121-p7vptawrdj

  • MD5

    ee2206130a8d295dc02e66f738a79bd5

  • SHA1

    79dcdd86812b082d918e53690e3d280b15b6a428

  • SHA256

    f8b5d4183afe5e0ea917b54026cb4ee8d9469bdc509335c1972922bae70762c1

  • SHA512

    6e62f6fba0852252340bc35f767646e9485d1b9bd4149fa4acff0dd963d6cb37403df713cba26b4e77f6177a37b6751f6f2afa780a7326e4409c90d6dc8b7133

  • SSDEEP

    6144:BHIUcIQcdHPum8d7i7pui6yYPaIGckjh/xaSfBJKFbhD7sYQpui6yYPaIGck7/Di:FIUXDv8dApV6yYPMLnfBJKFbhDwBpV6F

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f8b5d4183afe5e0ea917b54026cb4ee8d9469bdc509335c1972922bae70762c1

    • Size

      384KB

    • MD5

      ee2206130a8d295dc02e66f738a79bd5

    • SHA1

      79dcdd86812b082d918e53690e3d280b15b6a428

    • SHA256

      f8b5d4183afe5e0ea917b54026cb4ee8d9469bdc509335c1972922bae70762c1

    • SHA512

      6e62f6fba0852252340bc35f767646e9485d1b9bd4149fa4acff0dd963d6cb37403df713cba26b4e77f6177a37b6751f6f2afa780a7326e4409c90d6dc8b7133

    • SSDEEP

      6144:BHIUcIQcdHPum8d7i7pui6yYPaIGckjh/xaSfBJKFbhD7sYQpui6yYPaIGck7/Di:FIUXDv8dApV6yYPMLnfBJKFbhDwBpV6F

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks