Overview

overview

10

Static

static

3

0cf3d40c80...92.exe

windows7-x64

10

0cf3d40c80...92.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0cf3d40c805c72824d5db49faaf60968311a4768af43ede092dc67c9b2d80092.exe

  • Size

    896KB

  • Sample

    241203-wks12askem

  • MD5

    9158b6153b9e8800dc3c69e41d36e84f

  • SHA1

    7b34916f9c9be3dbce17bf609f7ac956b6693167

  • SHA256

    0cf3d40c805c72824d5db49faaf60968311a4768af43ede092dc67c9b2d80092

  • SHA512

    adcb706ce2c85fc23bcc839fdd7857c00c892d6ab97f6b0da92b3e4f1f3ab6134b291bf694217a5361da96017a054cdf2f9a4cccb65415e45c18c696e02b13a9

  • SSDEEP

    12288:Zad/ByvNv54B9f01ZmqLonfBHLqF1Nw5ILonfByvNv5HP:Sovr4B9f01ZmoENOVvrv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0cf3d40c805c72824d5db49faaf60968311a4768af43ede092dc67c9b2d80092.exe

    • Size

      896KB

    • MD5

      9158b6153b9e8800dc3c69e41d36e84f

    • SHA1

      7b34916f9c9be3dbce17bf609f7ac956b6693167

    • SHA256

      0cf3d40c805c72824d5db49faaf60968311a4768af43ede092dc67c9b2d80092

    • SHA512

      adcb706ce2c85fc23bcc839fdd7857c00c892d6ab97f6b0da92b3e4f1f3ab6134b291bf694217a5361da96017a054cdf2f9a4cccb65415e45c18c696e02b13a9

    • SSDEEP

      12288:Zad/ByvNv54B9f01ZmqLonfBHLqF1Nw5ILonfByvNv5HP:Sovr4B9f01ZmoENOVvrv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks