Overview

overview

10

Static

static

3

e6edaba53d...59.exe

windows7-x64

10

e6edaba53d...59.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e6edaba53ddac2362605c83ba9fab2a641e5d43225cb29bd429adaeb9fc2bf59

  • Size

    664KB

  • Sample

    241123-fcycsavmbq

  • MD5

    af4ebb6580601ebace31465c3b6faaf4

  • SHA1

    9e98d0c1aa5e38643152c7f3a595a685dadfb130

  • SHA256

    e6edaba53ddac2362605c83ba9fab2a641e5d43225cb29bd429adaeb9fc2bf59

  • SHA512

    0de4e5b2f09bd1604cfbef7d9670b249e9b15f59ff6afd7577afe7a6cc355f698bbce5c58329a30b0810a27e9fd8a1ce1aa3ca9e4c0957cf8b1126a239ba358f

  • SSDEEP

    12288:NdrNItpV6yYP4rbpV6yYPg058KpV6yYPNUir2MhNl6zX3w9As/xO23WM6tJmDYjC:mW4XWleKWNUir2MhNl6zX3w9As/xO23b

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e6edaba53ddac2362605c83ba9fab2a641e5d43225cb29bd429adaeb9fc2bf59

    • Size

      664KB

    • MD5

      af4ebb6580601ebace31465c3b6faaf4

    • SHA1

      9e98d0c1aa5e38643152c7f3a595a685dadfb130

    • SHA256

      e6edaba53ddac2362605c83ba9fab2a641e5d43225cb29bd429adaeb9fc2bf59

    • SHA512

      0de4e5b2f09bd1604cfbef7d9670b249e9b15f59ff6afd7577afe7a6cc355f698bbce5c58329a30b0810a27e9fd8a1ce1aa3ca9e4c0957cf8b1126a239ba358f

    • SSDEEP

      12288:NdrNItpV6yYP4rbpV6yYPg058KpV6yYPNUir2MhNl6zX3w9As/xO23WM6tJmDYjC:mW4XWleKWNUir2MhNl6zX3w9As/xO23b

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks