berbew | cf0b0ccf82f33028b3ce628d38fb880971d91e81bd2e86141838f07adf8dd298 | Triage

Sharing

General

Target

cf0b0ccf82f33028b3ce628d38fb880971d91e81bd2e86141838f07adf8dd298
Size

89KB
Sample

241123-edsm9atnfk
MD5

65dfdcb4848138219ac37e8a58bdd4c3
SHA1

8d0dd2eee17bcb4e84916823034e5c048cc5b775
SHA256

cf0b0ccf82f33028b3ce628d38fb880971d91e81bd2e86141838f07adf8dd298
SHA512

7c172ed8e6aca83f127ad9a6f929148936922ed383459f4a64b62f3c2e398d96aa27e760ea025f43f2841ca6c6ea73991a96b7dc517a6b2bbe225f7730595cfb
SSDEEP

1536:mD/VDU+VC7sVVVuVsaph6zPnY+NDgtLeRQQR+KRFR3RzR1URJrCiuiNj5QkMMWRu:+VVC7UVVuqaphan1NDgtKeQjb5ZXUf28

Score

10^/10

berbew backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

- Target
  
  cf0b0ccf82f33028b3ce628d38fb880971d91e81bd2e86141838f07adf8dd298
- Size
  
  89KB
- MD5
  
  65dfdcb4848138219ac37e8a58bdd4c3
- SHA1
  
  8d0dd2eee17bcb4e84916823034e5c048cc5b775
- SHA256
  
  cf0b0ccf82f33028b3ce628d38fb880971d91e81bd2e86141838f07adf8dd298
- SHA512
  
  7c172ed8e6aca83f127ad9a6f929148936922ed383459f4a64b62f3c2e398d96aa27e760ea025f43f2841ca6c6ea73991a96b7dc517a6b2bbe225f7730595cfb
- SSDEEP
  
  1536:mD/VDU+VC7sVVVuVsaph6zPnY+NDgtLeRQQR+KRFR3RzR1URJrCiuiNj5QkMMWRu:+VVC7UVVuqaphan1NDgtKeQjb5ZXUf28
Score

10^/10

berbew backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence

behavioral2

berbewbackdoordiscoverypersistence