Overview

overview

10

Static

static

3

bad43ff7e4...7N.exe

windows7-x64

10

bad43ff7e4...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bad43ff7e442740fc617c627189d00a924d1b57a76a1580710cee6278b3a5627N.exe

  • Size

    322KB

  • Sample

    241123-sb77taxja1

  • MD5

    c183e0179d33bbc8841bb98906f505b0

  • SHA1

    e3210cb6ee8f7fae47f65942eb3400fcf6578b98

  • SHA256

    bad43ff7e442740fc617c627189d00a924d1b57a76a1580710cee6278b3a5627

  • SHA512

    01b2bd9560ae7d71dac25f3a1e1b23b18cb30ef6d8e1da40bfc614a3ebc0ff5e3e1ec71db744627c77df8ef493aa0ab252e00ecf42042086c59913c0c2e50e61

  • SSDEEP

    1536:eSdsyvFMBSf6eDIOphQj+v6EAxfhX7NjgL9MhARQJTmDhdF+PhJFTq1dlCsTx4LB:eSzq2hIOs+SdpLNjgLyhAeJSVGZ3Odl

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      bad43ff7e442740fc617c627189d00a924d1b57a76a1580710cee6278b3a5627N.exe

    • Size

      322KB

    • MD5

      c183e0179d33bbc8841bb98906f505b0

    • SHA1

      e3210cb6ee8f7fae47f65942eb3400fcf6578b98

    • SHA256

      bad43ff7e442740fc617c627189d00a924d1b57a76a1580710cee6278b3a5627

    • SHA512

      01b2bd9560ae7d71dac25f3a1e1b23b18cb30ef6d8e1da40bfc614a3ebc0ff5e3e1ec71db744627c77df8ef493aa0ab252e00ecf42042086c59913c0c2e50e61

    • SSDEEP

      1536:eSdsyvFMBSf6eDIOphQj+v6EAxfhX7NjgL9MhARQJTmDhdF+PhJFTq1dlCsTx4LB:eSzq2hIOs+SdpLNjgLyhAeJSVGZ3Odl

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks