Overview

overview

10

Static

static

3

49d7a9d24c...e8.exe

windows7-x64

10

49d7a9d24c...e8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    49d7a9d24c8559954d2fc2db815b947d96a589a56ae6adff1ccfd6c6be3bebe8

  • Size

    87KB

  • Sample

    241208-2ahefaznan

  • MD5

    44c47ebe1fafb077e95ace3616580146

  • SHA1

    c7d28ff6af45da99ef4c0350eb800d53ec20af51

  • SHA256

    49d7a9d24c8559954d2fc2db815b947d96a589a56ae6adff1ccfd6c6be3bebe8

  • SHA512

    dfb85ce83172b1b24b12c2ab7d1e083927f14e0303c4bfb310f1c661c77b1d2c69f30cfff7e6ffd2452f8589448559b4aed1f2fa3f37f9f14a7887f85a7d8bfc

  • SSDEEP

    1536:/oaEQ+alc4GbPgc64dr2Azi9CeLD15ZbkRnRQ4hARSRBDNrR0RVe7R6R8RPD2zw:/oZQ+xHi4VHzjs7qeIAAnDlmbGcGFDew

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      49d7a9d24c8559954d2fc2db815b947d96a589a56ae6adff1ccfd6c6be3bebe8

    • Size

      87KB

    • MD5

      44c47ebe1fafb077e95ace3616580146

    • SHA1

      c7d28ff6af45da99ef4c0350eb800d53ec20af51

    • SHA256

      49d7a9d24c8559954d2fc2db815b947d96a589a56ae6adff1ccfd6c6be3bebe8

    • SHA512

      dfb85ce83172b1b24b12c2ab7d1e083927f14e0303c4bfb310f1c661c77b1d2c69f30cfff7e6ffd2452f8589448559b4aed1f2fa3f37f9f14a7887f85a7d8bfc

    • SSDEEP

      1536:/oaEQ+alc4GbPgc64dr2Azi9CeLD15ZbkRnRQ4hARSRBDNrR0RVe7R6R8RPD2zw:/oZQ+xHi4VHzjs7qeIAAnDlmbGcGFDew

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks