Overview

overview

10

Static

static

10

16090c29c2...20.exe

windows7-x64

10

16090c29c2...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16090c29c26f6e60d404d220b4e90a0bfde746e7ae18fa7dbc6cfe5201d7b220

  • Size

    299KB

  • Sample

    241207-ytqnda1lfs

  • MD5

    ade381bc9a359130dd27ff91e0d0a09f

  • SHA1

    7181009ead07cb8b0c7c02bf81d08ca4ce7b5f98

  • SHA256

    16090c29c26f6e60d404d220b4e90a0bfde746e7ae18fa7dbc6cfe5201d7b220

  • SHA512

    db3baf1fd0436a9f4a8ace8312c9a34e6593bb78ad08871149e5c95c5d16fcac44ece8d660402f1ebfbd647c35898c5cd2eb8b031fb1b8922c824ede2761c501

  • SSDEEP

    3072:TKTeYmZ4gSbZog5ieuUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2okZkRPKk:myYmZQd559EdGTBki5CYtI8TAokZ2EA

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      16090c29c26f6e60d404d220b4e90a0bfde746e7ae18fa7dbc6cfe5201d7b220

    • Size

      299KB

    • MD5

      ade381bc9a359130dd27ff91e0d0a09f

    • SHA1

      7181009ead07cb8b0c7c02bf81d08ca4ce7b5f98

    • SHA256

      16090c29c26f6e60d404d220b4e90a0bfde746e7ae18fa7dbc6cfe5201d7b220

    • SHA512

      db3baf1fd0436a9f4a8ace8312c9a34e6593bb78ad08871149e5c95c5d16fcac44ece8d660402f1ebfbd647c35898c5cd2eb8b031fb1b8922c824ede2761c501

    • SSDEEP

      3072:TKTeYmZ4gSbZog5ieuUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2okZkRPKk:myYmZQd559EdGTBki5CYtI8TAokZ2EA

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks