Overview

overview

10

Static

static

3

619d19a3d1...8N.exe

windows7-x64

10

619d19a3d1...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    619d19a3d1128f4899f6816b4366d84ba4132328cc52c5da2d6b60f18e6002f8N.exe

  • Size

    194KB

  • Sample

    241207-z9r2tavjcs

  • MD5

    baffe3572fdfb68373322c5ba20e8e70

  • SHA1

    3183087d626d34dcbf39dafd531f24fcb7ff027b

  • SHA256

    619d19a3d1128f4899f6816b4366d84ba4132328cc52c5da2d6b60f18e6002f8

  • SHA512

    ffbe4840f197d61a04f11484a91c4cb33ceaf6cc29e778b3ea4a07696a5cf9fb642b0eb2a35a551f5a01fefef0bded8ba22ccd28d29d07bcefab870c8b39292a

  • SSDEEP

    3072:4Cq2jwDr0y+4q1xebGoleegu+tAcrbFAJc+RsUi1aVDkOvhJjvJ+uFli55p1:4yjwvr+f1u+9rtMsQBvli

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      619d19a3d1128f4899f6816b4366d84ba4132328cc52c5da2d6b60f18e6002f8N.exe

    • Size

      194KB

    • MD5

      baffe3572fdfb68373322c5ba20e8e70

    • SHA1

      3183087d626d34dcbf39dafd531f24fcb7ff027b

    • SHA256

      619d19a3d1128f4899f6816b4366d84ba4132328cc52c5da2d6b60f18e6002f8

    • SHA512

      ffbe4840f197d61a04f11484a91c4cb33ceaf6cc29e778b3ea4a07696a5cf9fb642b0eb2a35a551f5a01fefef0bded8ba22ccd28d29d07bcefab870c8b39292a

    • SSDEEP

      3072:4Cq2jwDr0y+4q1xebGoleegu+tAcrbFAJc+RsUi1aVDkOvhJjvJ+uFli55p1:4yjwvr+f1u+9rtMsQBvli

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks