Overview

overview

10

Static

static

3

5cb67d4c6b...b8.exe

windows7-x64

10

5cb67d4c6b...b8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5cb67d4c6bc2a41437192e52d9b6328a0a41af37d1feaf1e03bcecb249a9bdb8

  • Size

    99KB

  • Sample

    241207-2zlhdsymfz

  • MD5

    7bffb034f6acf3fe5026c4ac060bda5d

  • SHA1

    816e5812262e05774a844866f09eb03a6d1c0400

  • SHA256

    5cb67d4c6bc2a41437192e52d9b6328a0a41af37d1feaf1e03bcecb249a9bdb8

  • SHA512

    5790fb77f2fe21717f03217a6dfca5cddcd955bf451b923b248bd456271be3183689e1351d932b3f8b8adeca9059892472594c5ddb5850ebea2f5c2ebcc02369

  • SSDEEP

    3072:ud+xyGu2eiIL9rYQ8xV5NnyildeyjpwoTRBmDRGGurhUI:NlfeiocNOilgxm7UI

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5cb67d4c6bc2a41437192e52d9b6328a0a41af37d1feaf1e03bcecb249a9bdb8

    • Size

      99KB

    • MD5

      7bffb034f6acf3fe5026c4ac060bda5d

    • SHA1

      816e5812262e05774a844866f09eb03a6d1c0400

    • SHA256

      5cb67d4c6bc2a41437192e52d9b6328a0a41af37d1feaf1e03bcecb249a9bdb8

    • SHA512

      5790fb77f2fe21717f03217a6dfca5cddcd955bf451b923b248bd456271be3183689e1351d932b3f8b8adeca9059892472594c5ddb5850ebea2f5c2ebcc02369

    • SSDEEP

      3072:ud+xyGu2eiIL9rYQ8xV5NnyildeyjpwoTRBmDRGGurhUI:NlfeiocNOilgxm7UI

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks