Overview

overview

10

Static

static

3

f596f0c196...5e.exe

windows7-x64

10

f596f0c196...5e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f596f0c196608b02b8acd6293edbdc46533b231e35ed749a5c8bf36b64ee195e.exe

  • Size

    71KB

  • Sample

    241207-mrm9paypgz

  • MD5

    ca0675899b303673454c835c3271c0b9

  • SHA1

    7239fd6cd438f2328c98576ffb2ed172a54c74d2

  • SHA256

    f596f0c196608b02b8acd6293edbdc46533b231e35ed749a5c8bf36b64ee195e

  • SHA512

    5561242eed67405ab690f49b45f95febd1635b7f567e056a19a893960aee1e79524347cd228b6853c0bf3c977107a6f630617ede4a4362417768c73285a30a17

  • SSDEEP

    1536:h20cDC2bLqXC/RUX7lYe+07pt33G0t8EscrwCCPGqn9gc9++ywJBOw9rz6L02rFo:MDxgYetptLzwC3099l7H6g2J5mLle3E/

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f596f0c196608b02b8acd6293edbdc46533b231e35ed749a5c8bf36b64ee195e.exe

    • Size

      71KB

    • MD5

      ca0675899b303673454c835c3271c0b9

    • SHA1

      7239fd6cd438f2328c98576ffb2ed172a54c74d2

    • SHA256

      f596f0c196608b02b8acd6293edbdc46533b231e35ed749a5c8bf36b64ee195e

    • SHA512

      5561242eed67405ab690f49b45f95febd1635b7f567e056a19a893960aee1e79524347cd228b6853c0bf3c977107a6f630617ede4a4362417768c73285a30a17

    • SSDEEP

      1536:h20cDC2bLqXC/RUX7lYe+07pt33G0t8EscrwCCPGqn9gc9++ywJBOw9rz6L02rFo:MDxgYetptLzwC3099l7H6g2J5mLle3E/

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks