Overview

overview

10

Static

static

3

a0741b71fc...dN.exe

windows7-x64

10

a0741b71fc...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a0741b71fc10e54bc532c0d0de04dc433ad4de57bcbb3f68d27f4a96c8fd009dN.exe

  • Size

    288KB

  • Sample

    241123-pcklcsvjfv

  • MD5

    9d336a78a2bb8fe8e0a1c19318226d00

  • SHA1

    c21f551aadbc2f13ddc639ffd6feee66eec606df

  • SHA256

    a0741b71fc10e54bc532c0d0de04dc433ad4de57bcbb3f68d27f4a96c8fd009d

  • SHA512

    86d38ef1414ab729d7d431c3625b60a8a3ebddac142e777b70e6636bc8340c883e416c108b93b29ac5ab4ddf178b3914b3757900bf313d2788c4b43b84323082

  • SSDEEP

    6144:dDws+tYNiypui6yYPaIGckfru5xyDpui6yYPaIGckSUl:dDdpV6yYP4rbpV6yYPgl

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a0741b71fc10e54bc532c0d0de04dc433ad4de57bcbb3f68d27f4a96c8fd009dN.exe

    • Size

      288KB

    • MD5

      9d336a78a2bb8fe8e0a1c19318226d00

    • SHA1

      c21f551aadbc2f13ddc639ffd6feee66eec606df

    • SHA256

      a0741b71fc10e54bc532c0d0de04dc433ad4de57bcbb3f68d27f4a96c8fd009d

    • SHA512

      86d38ef1414ab729d7d431c3625b60a8a3ebddac142e777b70e6636bc8340c883e416c108b93b29ac5ab4ddf178b3914b3757900bf313d2788c4b43b84323082

    • SSDEEP

      6144:dDws+tYNiypui6yYPaIGckfru5xyDpui6yYPaIGckSUl:dDdpV6yYP4rbpV6yYPgl

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks