Overview

overview

10

Static

static

3

587e1d331d...02.exe

windows7-x64

10

587e1d331d...02.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    587e1d331da12d9015c26e62b8d158ae62c04bebfd57ef5fc862e64fe0566702

  • Size

    1.4MB

  • Sample

    241123-2nmw3szqgs

  • MD5

    8afa4a3e30a8ded1a1818cbf6028f106

  • SHA1

    8121459aa7701dc2cb0e2435814060b34ebd453a

  • SHA256

    587e1d331da12d9015c26e62b8d158ae62c04bebfd57ef5fc862e64fe0566702

  • SHA512

    62e288e179a14f60fdee235092199b93a6fab8cc9b3156a1439e1a1442da104526e5a0e691eb35284ff20040cbcff3a6f8e026487956fdd6aded0fb6a864418c

  • SSDEEP

    12288:Ci2BCzXjOYpV6yYPI3cpV6yYPeHCXwpnsKvNA+XTvZHWuEo3oWL5g:L2BCzXjOYWHWIpsKv2EvZHp3oWNg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      587e1d331da12d9015c26e62b8d158ae62c04bebfd57ef5fc862e64fe0566702

    • Size

      1.4MB

    • MD5

      8afa4a3e30a8ded1a1818cbf6028f106

    • SHA1

      8121459aa7701dc2cb0e2435814060b34ebd453a

    • SHA256

      587e1d331da12d9015c26e62b8d158ae62c04bebfd57ef5fc862e64fe0566702

    • SHA512

      62e288e179a14f60fdee235092199b93a6fab8cc9b3156a1439e1a1442da104526e5a0e691eb35284ff20040cbcff3a6f8e026487956fdd6aded0fb6a864418c

    • SSDEEP

      12288:Ci2BCzXjOYpV6yYPI3cpV6yYPeHCXwpnsKvNA+XTvZHWuEo3oWL5g:L2BCzXjOYWHWIpsKv2EvZHp3oWNg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks