Overview

overview

10

Static

static

3

8d6046d7e6...20.exe

windows7-x64

10

8d6046d7e6...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8d6046d7e6306feb311beb52f2118f400dbfaadaf3e340dbabfc0289c442c120.exe

  • Size

    482KB

  • Sample

    241207-l8ztdatlgm

  • MD5

    c0a1930ddb83b20cf589256cc124a4d3

  • SHA1

    91c28b9bab3d129da80adc92debe44d5d7eebb3e

  • SHA256

    8d6046d7e6306feb311beb52f2118f400dbfaadaf3e340dbabfc0289c442c120

  • SHA512

    03fb166da6ed281b4e2c6f7d5f4ac6a56e9d5cac31ad878d50e826f9431118d0922ddd932fc84ae52ebce9274be5c971c96d1e070b85d07c066ebc243e1a73cd

  • SSDEEP

    6144:l1wmDmeG4jLl+wGXAF2PbgKLVGFM6234lKm3mo8Yvi4KsLTFM6234lKm3S:Aa+yLMwGXAF5KLVGFB24lwR45FB24lg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8d6046d7e6306feb311beb52f2118f400dbfaadaf3e340dbabfc0289c442c120.exe

    • Size

      482KB

    • MD5

      c0a1930ddb83b20cf589256cc124a4d3

    • SHA1

      91c28b9bab3d129da80adc92debe44d5d7eebb3e

    • SHA256

      8d6046d7e6306feb311beb52f2118f400dbfaadaf3e340dbabfc0289c442c120

    • SHA512

      03fb166da6ed281b4e2c6f7d5f4ac6a56e9d5cac31ad878d50e826f9431118d0922ddd932fc84ae52ebce9274be5c971c96d1e070b85d07c066ebc243e1a73cd

    • SSDEEP

      6144:l1wmDmeG4jLl+wGXAF2PbgKLVGFM6234lKm3mo8Yvi4KsLTFM6234lKm3S:Aa+yLMwGXAF5KLVGFB24lwR45FB24lg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks