Overview

overview

10

Static

static

3

7b2d3abda4...5N.exe

windows7-x64

10

7b2d3abda4...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b2d3abda4daa31fbac4ecd6cce7dd46d9edeac28b020ae9d81a432c6ddba585N.exe

  • Size

    71KB

  • Sample

    241123-vgb3nsyjd1

  • MD5

    cee7dbadd96191e0e087324c7ee84b50

  • SHA1

    8806b5e8dc37fd047033f875f3d07bcae9231715

  • SHA256

    7b2d3abda4daa31fbac4ecd6cce7dd46d9edeac28b020ae9d81a432c6ddba585

  • SHA512

    7c20f9bed4812b39024c6cb5bcca808301ac08cec55c2f2ebb5c9f9bb4544e9005bb03807a92c772955e7060159b1d915b1c265e4ed17ffa8c5f4f530300df72

  • SSDEEP

    1536:AfQgEX+uwWlp41lJp9JVeaeS8o0RQtDbEyRCRRRoR4Rki:kXCp4vJp6ldeBEy032yai

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7b2d3abda4daa31fbac4ecd6cce7dd46d9edeac28b020ae9d81a432c6ddba585N.exe

    • Size

      71KB

    • MD5

      cee7dbadd96191e0e087324c7ee84b50

    • SHA1

      8806b5e8dc37fd047033f875f3d07bcae9231715

    • SHA256

      7b2d3abda4daa31fbac4ecd6cce7dd46d9edeac28b020ae9d81a432c6ddba585

    • SHA512

      7c20f9bed4812b39024c6cb5bcca808301ac08cec55c2f2ebb5c9f9bb4544e9005bb03807a92c772955e7060159b1d915b1c265e4ed17ffa8c5f4f530300df72

    • SSDEEP

      1536:AfQgEX+uwWlp41lJp9JVeaeS8o0RQtDbEyRCRRRoR4Rki:kXCp4vJp6ldeBEy032yai

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks