Overview

overview

10

Static

static

3

ec3b5ff2a8...6N.exe

windows7-x64

10

ec3b5ff2a8...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec3b5ff2a8776d113ac2c2b71897104eeda67bd9640eff03122c4d67827e98e6N.exe

  • Size

    71KB

  • Sample

    241207-mgke2stpgk

  • MD5

    828ad1e119702c22977efde44282f710

  • SHA1

    6afa0b1fc303dd9fa3adb3abe8f0e2b260c26bd4

  • SHA256

    ec3b5ff2a8776d113ac2c2b71897104eeda67bd9640eff03122c4d67827e98e6

  • SHA512

    505a548077a8b448d6844aed687eada747f06e9a2186840e0c798f2498cd949f21fdbd7ed68ba5e53ba50603be7bd8d8674be29236ac0844d2a334832830e242

  • SSDEEP

    1536:h20cDC2bLqXC/RUX7lYe+07pt33G0t8EscrwCCPGqn9gc9++ywJBOw9rz6L02rFo:MDxgYetptLzwC3099l7H6g2J5mLle3Ev

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ec3b5ff2a8776d113ac2c2b71897104eeda67bd9640eff03122c4d67827e98e6N.exe

    • Size

      71KB

    • MD5

      828ad1e119702c22977efde44282f710

    • SHA1

      6afa0b1fc303dd9fa3adb3abe8f0e2b260c26bd4

    • SHA256

      ec3b5ff2a8776d113ac2c2b71897104eeda67bd9640eff03122c4d67827e98e6

    • SHA512

      505a548077a8b448d6844aed687eada747f06e9a2186840e0c798f2498cd949f21fdbd7ed68ba5e53ba50603be7bd8d8674be29236ac0844d2a334832830e242

    • SSDEEP

      1536:h20cDC2bLqXC/RUX7lYe+07pt33G0t8EscrwCCPGqn9gc9++ywJBOw9rz6L02rFo:MDxgYetptLzwC3099l7H6g2J5mLle3Ev

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks