Overview

overview

10

Static

static

3

ffc955f0a1...1e.exe

windows7-x64

10

ffc955f0a1...1e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ffc955f0a1135fd72d29b8a5a96b21e97799b91623bcaf32278cbaae125df11e

  • Size

    96KB

  • Sample

    241123-gf3x4swldm

  • MD5

    f7ee9181d4e30a1575610d7424d37807

  • SHA1

    3751c73ec08840b8ec9205e99a17829ec0d35eb1

  • SHA256

    ffc955f0a1135fd72d29b8a5a96b21e97799b91623bcaf32278cbaae125df11e

  • SHA512

    118ffafef94cb0f2c26cfc99cf6006605aa8382a9cd4c6086c16d27fde8983e776e6f24ec58b1e872e797b2007dbca7ac8c729ae2cda9f407631708a4c5540e8

  • SSDEEP

    1536:VFnE8HHAioQ/3jIMYeDxwj1X6GMgc37kz0O8PLYpRQ+efR5R45WtqV9R2R462iza:znjoy3SQ9GDc34D8PLYe+uHrtG9MW3+G

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ffc955f0a1135fd72d29b8a5a96b21e97799b91623bcaf32278cbaae125df11e

    • Size

      96KB

    • MD5

      f7ee9181d4e30a1575610d7424d37807

    • SHA1

      3751c73ec08840b8ec9205e99a17829ec0d35eb1

    • SHA256

      ffc955f0a1135fd72d29b8a5a96b21e97799b91623bcaf32278cbaae125df11e

    • SHA512

      118ffafef94cb0f2c26cfc99cf6006605aa8382a9cd4c6086c16d27fde8983e776e6f24ec58b1e872e797b2007dbca7ac8c729ae2cda9f407631708a4c5540e8

    • SSDEEP

      1536:VFnE8HHAioQ/3jIMYeDxwj1X6GMgc37kz0O8PLYpRQ+efR5R45WtqV9R2R462iza:znjoy3SQ9GDc34D8PLYe+uHrtG9MW3+G

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks