Overview

overview

10

Static

static

3

61c09eb38e...70.exe

windows7-x64

10

61c09eb38e...70.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61c09eb38e79201a67dc630419c377c82a4bb0df4e8f416e9e17645942c2b170

  • Size

    203KB

  • Sample

    241208-3b6n4a1jcp

  • MD5

    dbae812649a3e1033e23eda1443aa116

  • SHA1

    5d43f16c0328479617c82a7fa85ef0db4af7c406

  • SHA256

    61c09eb38e79201a67dc630419c377c82a4bb0df4e8f416e9e17645942c2b170

  • SHA512

    a88d06a31cb64cccbe770e4d3890710f7d1dde40df3a69358bc72d1ad7f7ae63cdb48ec8889c14bf48f92cda43a98c17a7b87e12c4a6d1bb784164ffeceb10b2

  • SSDEEP

    6144:FJL10ibcnRti9tnJfKXqPTX7D7FM6234lKm3mo8YG:FJLSacRtutJCXqP77D7FB24lwT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      61c09eb38e79201a67dc630419c377c82a4bb0df4e8f416e9e17645942c2b170

    • Size

      203KB

    • MD5

      dbae812649a3e1033e23eda1443aa116

    • SHA1

      5d43f16c0328479617c82a7fa85ef0db4af7c406

    • SHA256

      61c09eb38e79201a67dc630419c377c82a4bb0df4e8f416e9e17645942c2b170

    • SHA512

      a88d06a31cb64cccbe770e4d3890710f7d1dde40df3a69358bc72d1ad7f7ae63cdb48ec8889c14bf48f92cda43a98c17a7b87e12c4a6d1bb784164ffeceb10b2

    • SSDEEP

      6144:FJL10ibcnRti9tnJfKXqPTX7D7FM6234lKm3mo8YG:FJLSacRtutJCXqP77D7FB24lwT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks