Overview

overview

10

Static

static

3

d8fdaea922...3b.exe

windows7-x64

10

d8fdaea922...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8fdaea922d1393b568e584f2934710023450653e54af171961c7a0145e2f33b

  • Size

    93KB

  • Sample

    241123-et2k4axrdy

  • MD5

    d12d2d64b76bc502817b4e67a773b481

  • SHA1

    4d6066a11c884b7b9ddcb2b318fdbeb1d966d23d

  • SHA256

    d8fdaea922d1393b568e584f2934710023450653e54af171961c7a0145e2f33b

  • SHA512

    5b3221d5d4224e8e62d43d9277d6ea29cf891f1515880da02766f8fd5ed793061ebb8214e6c433614060d1759ad3dd198c64ff3ebe908631c1efeb254552a5ee

  • SSDEEP

    1536:gfkyztQu+muGXaqkHbzeqyjofM0UgVfTRQsRRs3cO57OWxXPu4n6yYPLBgI7CkX:MQuiqgb0ofM03esE9pui6yYPaI7DX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d8fdaea922d1393b568e584f2934710023450653e54af171961c7a0145e2f33b

    • Size

      93KB

    • MD5

      d12d2d64b76bc502817b4e67a773b481

    • SHA1

      4d6066a11c884b7b9ddcb2b318fdbeb1d966d23d

    • SHA256

      d8fdaea922d1393b568e584f2934710023450653e54af171961c7a0145e2f33b

    • SHA512

      5b3221d5d4224e8e62d43d9277d6ea29cf891f1515880da02766f8fd5ed793061ebb8214e6c433614060d1759ad3dd198c64ff3ebe908631c1efeb254552a5ee

    • SSDEEP

      1536:gfkyztQu+muGXaqkHbzeqyjofM0UgVfTRQsRRs3cO57OWxXPu4n6yYPLBgI7CkX:MQuiqgb0ofM03esE9pui6yYPaI7DX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks