Overview

overview

10

Static

static

3

31041754cc...09.exe

windows7-x64

10

31041754cc...09.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31041754cc55b507134dbc342c90560542fe7b6d0e5a3b408053e2ef5ceac909

  • Size

    93KB

  • Sample

    241123-zs186asmhr

  • MD5

    57e6492fad30f07df0a44329d8b40221

  • SHA1

    4abd7c903b71d25762b9cb860d71cd1c3a99edbe

  • SHA256

    31041754cc55b507134dbc342c90560542fe7b6d0e5a3b408053e2ef5ceac909

  • SHA512

    93b5b9e948168839ed7858c41183f603b15136ee0c98a79d65686269b2c62609951344ce82c6be64d2b5be2375ead4176357d88fe446fc803c4a14d5bb8feb2c

  • SSDEEP

    1536:oWjCjr6UIU4jYuMLEhnt+JSa7iRQrRRs3cO57OWxXPu4n6yYPLBgI7Ckf:lCdd6Yl4t+BierE9pui6yYPaI7Df

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      31041754cc55b507134dbc342c90560542fe7b6d0e5a3b408053e2ef5ceac909

    • Size

      93KB

    • MD5

      57e6492fad30f07df0a44329d8b40221

    • SHA1

      4abd7c903b71d25762b9cb860d71cd1c3a99edbe

    • SHA256

      31041754cc55b507134dbc342c90560542fe7b6d0e5a3b408053e2ef5ceac909

    • SHA512

      93b5b9e948168839ed7858c41183f603b15136ee0c98a79d65686269b2c62609951344ce82c6be64d2b5be2375ead4176357d88fe446fc803c4a14d5bb8feb2c

    • SSDEEP

      1536:oWjCjr6UIU4jYuMLEhnt+JSa7iRQrRRs3cO57OWxXPu4n6yYPLBgI7Ckf:lCdd6Yl4t+BierE9pui6yYPaI7Df

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks