Overview

overview

10

Static

static

3

9b2eb6ed7f...8N.exe

windows7-x64

10

9b2eb6ed7f...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b2eb6ed7fe3db328deb2f393bb40ecd1464d6a9cba6c155d6682113fd64d748N.exe

  • Size

    512KB

  • Sample

    241123-tq6szaxnbv

  • MD5

    df31e1df088ab2a4a43501d021f12180

  • SHA1

    b5c425a5ed6dd5a3389d57a3f4d526bb54bad6e8

  • SHA256

    9b2eb6ed7fe3db328deb2f393bb40ecd1464d6a9cba6c155d6682113fd64d748

  • SHA512

    15cabbd5daff959ccddef553573761e4a61d86721be29b78b04fac0dd27a3f90ac2ef96ac7b3b342c152e9583817723782944e6e0636135e2e8c781209435d2c

  • SSDEEP

    6144:XoBDKk03FM6234lKm3mo8Yvi4KsLTFM6234lKm3r8SeNpgdyuH1lZfRo0V8JcgEl:XLkiFB24lwR45FB24lJ87g7/VycgEl

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9b2eb6ed7fe3db328deb2f393bb40ecd1464d6a9cba6c155d6682113fd64d748N.exe

    • Size

      512KB

    • MD5

      df31e1df088ab2a4a43501d021f12180

    • SHA1

      b5c425a5ed6dd5a3389d57a3f4d526bb54bad6e8

    • SHA256

      9b2eb6ed7fe3db328deb2f393bb40ecd1464d6a9cba6c155d6682113fd64d748

    • SHA512

      15cabbd5daff959ccddef553573761e4a61d86721be29b78b04fac0dd27a3f90ac2ef96ac7b3b342c152e9583817723782944e6e0636135e2e8c781209435d2c

    • SSDEEP

      6144:XoBDKk03FM6234lKm3mo8Yvi4KsLTFM6234lKm3r8SeNpgdyuH1lZfRo0V8JcgEl:XLkiFB24lwR45FB24lJ87g7/VycgEl

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks