Overview

overview

10

Static

static

3

3728bd8aa9...c4.exe

windows7-x64

10

3728bd8aa9...c4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3728bd8aa94523cc219d767e094f91dad861f1e691f0cef725ef74db6acbc6c4

  • Size

    94KB

  • Sample

    241208-1f8m5svkdy

  • MD5

    faa70a131d8d440090b46e82f2daa0fa

  • SHA1

    968994cab8ef7abb474f58258ac1530ed7b41958

  • SHA256

    3728bd8aa94523cc219d767e094f91dad861f1e691f0cef725ef74db6acbc6c4

  • SHA512

    4e6d6b5c48804bc0496181dc2decde01c8b0158f35aec0cdbf031c6421441736c6f944fa556f603033da36f5a8951ca07e7306c40aad60e453e8307dfd71f505

  • SSDEEP

    1536:+UngnRgDV5LuHRXCPUSUx57wKN+entP8r/BOVLFKRQDfRfRa9HprmRfRZ:F/DV5oQmH7wK0etPAKFKeDf5wkpv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3728bd8aa94523cc219d767e094f91dad861f1e691f0cef725ef74db6acbc6c4

    • Size

      94KB

    • MD5

      faa70a131d8d440090b46e82f2daa0fa

    • SHA1

      968994cab8ef7abb474f58258ac1530ed7b41958

    • SHA256

      3728bd8aa94523cc219d767e094f91dad861f1e691f0cef725ef74db6acbc6c4

    • SHA512

      4e6d6b5c48804bc0496181dc2decde01c8b0158f35aec0cdbf031c6421441736c6f944fa556f603033da36f5a8951ca07e7306c40aad60e453e8307dfd71f505

    • SSDEEP

      1536:+UngnRgDV5LuHRXCPUSUx57wKN+entP8r/BOVLFKRQDfRfRa9HprmRfRZ:F/DV5oQmH7wK0etPAKFKeDf5wkpv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks