Overview

overview

10

Static

static

3

e3941495d4...05.exe

windows7-x64

10

e3941495d4...05.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3941495d4e6256733fb5df4d3a2e09f119cedebc942a0f5359a66ba33d18b05.exe

  • Size

    71KB

  • Sample

    241203-wasbra1qbl

  • MD5

    40fd2e9deee4ec9f180c2cf748f3dd9e

  • SHA1

    78ddf09787394cbfc8b57e6fb404d620c30ce1cf

  • SHA256

    e3941495d4e6256733fb5df4d3a2e09f119cedebc942a0f5359a66ba33d18b05

  • SHA512

    f41c1d6f9c5f8bb795afa1c2c9719570b9c780e9d206047a8b5b19f3d0013747c90ec57c62180b9c41a4fe4792236a54dca1a10689f8d093b798f6f10d5e3e4f

  • SSDEEP

    1536:HOFYugrhLt8p2zSiifClYQdPQf5t1vlfX6jJ7qzf2RQwDbEyRCRRRoR4RkG:HO/In8z5f+pdYhflfq1o2emEy032yaG

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e3941495d4e6256733fb5df4d3a2e09f119cedebc942a0f5359a66ba33d18b05.exe

    • Size

      71KB

    • MD5

      40fd2e9deee4ec9f180c2cf748f3dd9e

    • SHA1

      78ddf09787394cbfc8b57e6fb404d620c30ce1cf

    • SHA256

      e3941495d4e6256733fb5df4d3a2e09f119cedebc942a0f5359a66ba33d18b05

    • SHA512

      f41c1d6f9c5f8bb795afa1c2c9719570b9c780e9d206047a8b5b19f3d0013747c90ec57c62180b9c41a4fe4792236a54dca1a10689f8d093b798f6f10d5e3e4f

    • SSDEEP

      1536:HOFYugrhLt8p2zSiifClYQdPQf5t1vlfX6jJ7qzf2RQwDbEyRCRRRoR4RkG:HO/In8z5f+pdYhflfq1o2emEy032yaG

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks