Overview

overview

10

Static

static

3

21799004ce...3N.exe

windows7-x64

10

21799004ce...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21799004ce1409cb0b36fac1a1b4437ea2a825b1fa8eda0d09ee4f64c13e3803N.exe

  • Size

    224KB

  • Sample

    241207-14pj6swqbw

  • MD5

    9ae6b755b0082f4302354a08a5c52dd0

  • SHA1

    d06d5b2a0497ea42ecdf253208865037d2941349

  • SHA256

    21799004ce1409cb0b36fac1a1b4437ea2a825b1fa8eda0d09ee4f64c13e3803

  • SHA512

    ed18cd7356b8efe72516ec5245a6ca8e17f375067eda78cb1c176835b1c19490b7d8ab3ffa2d2fee4b702f1c1d92f2dff4bed130e7c7bde2cdb53966a52907c9

  • SSDEEP

    6144:uCELf41aXrFE4f9FIUpOVw86CmOJfTo9FIUIhrcflDML:uCGf1OaAD6RrI1+lDML

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      21799004ce1409cb0b36fac1a1b4437ea2a825b1fa8eda0d09ee4f64c13e3803N.exe

    • Size

      224KB

    • MD5

      9ae6b755b0082f4302354a08a5c52dd0

    • SHA1

      d06d5b2a0497ea42ecdf253208865037d2941349

    • SHA256

      21799004ce1409cb0b36fac1a1b4437ea2a825b1fa8eda0d09ee4f64c13e3803

    • SHA512

      ed18cd7356b8efe72516ec5245a6ca8e17f375067eda78cb1c176835b1c19490b7d8ab3ffa2d2fee4b702f1c1d92f2dff4bed130e7c7bde2cdb53966a52907c9

    • SSDEEP

      6144:uCELf41aXrFE4f9FIUpOVw86CmOJfTo9FIUIhrcflDML:uCGf1OaAD6RrI1+lDML

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks