Overview

overview

10

Static

static

3

31968a4eff...f2.exe

windows7-x64

10

31968a4eff...f2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31968a4eff6498f666890f50a451fa8e7c067f574c38f69adec75dac429496f2

  • Size

    93KB

  • Sample

    241123-zve4pssnhj

  • MD5

    37d562da53640b9558fed2da08a985d2

  • SHA1

    02b9e163aac2f163c1bc4e8d664257c43644c8fe

  • SHA256

    31968a4eff6498f666890f50a451fa8e7c067f574c38f69adec75dac429496f2

  • SHA512

    3b141f23dc5eebd3f1bc7ac1a3d64558eca6fb343aa4d4deadb6476a8871ca057d317fa6d114bf2e8ebc9f9bea3b53eeb8e6eb958f5fba7c4cc3cc2ff58798c3

  • SSDEEP

    1536:yigcg5zfTpSTb5lTYS/3DpqUwYacKPTOTaNrEcmhOsBsRQERkRLJzeLD9N0iQGR4:y1cgNNcP0SvYPpc6TDrE0s+eESJdEN0/

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      31968a4eff6498f666890f50a451fa8e7c067f574c38f69adec75dac429496f2

    • Size

      93KB

    • MD5

      37d562da53640b9558fed2da08a985d2

    • SHA1

      02b9e163aac2f163c1bc4e8d664257c43644c8fe

    • SHA256

      31968a4eff6498f666890f50a451fa8e7c067f574c38f69adec75dac429496f2

    • SHA512

      3b141f23dc5eebd3f1bc7ac1a3d64558eca6fb343aa4d4deadb6476a8871ca057d317fa6d114bf2e8ebc9f9bea3b53eeb8e6eb958f5fba7c4cc3cc2ff58798c3

    • SSDEEP

      1536:yigcg5zfTpSTb5lTYS/3DpqUwYacKPTOTaNrEcmhOsBsRQERkRLJzeLD9N0iQGR4:y1cgNNcP0SvYPpc6TDrE0s+eESJdEN0/

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks