Overview

overview

10

Static

static

3

abac75c1db...eN.exe

windows7-x64

10

abac75c1db...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abac75c1db611790cd62f7a72d46d43b2b023220e2124c226bc90c5510f70e6eN.exe

  • Size

    71KB

  • Sample

    241208-adflgawrbp

  • MD5

    441b375b89d8fe8fa85cdfc2b38c6450

  • SHA1

    69dcaeaf496b8d17bbca33feeeb6ce7fcbe90087

  • SHA256

    abac75c1db611790cd62f7a72d46d43b2b023220e2124c226bc90c5510f70e6e

  • SHA512

    5f1cf87f8fd278f18ca459a5a4560ed8b73687e345d7c3aef0f09d0abc7ab7353d4f74325d70954a2c85e15ab3124cbe6fa85c8d282973bb47c7f46534cad574

  • SSDEEP

    1536:w/AqE2vGa0veJ8obS5ahHwvrW2+Hjr2m7Z93HRQ8DbEyRCRRRoR4Rkm:cPvGOJ3bS5ayvrnwjBjeaEy032yam

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      abac75c1db611790cd62f7a72d46d43b2b023220e2124c226bc90c5510f70e6eN.exe

    • Size

      71KB

    • MD5

      441b375b89d8fe8fa85cdfc2b38c6450

    • SHA1

      69dcaeaf496b8d17bbca33feeeb6ce7fcbe90087

    • SHA256

      abac75c1db611790cd62f7a72d46d43b2b023220e2124c226bc90c5510f70e6e

    • SHA512

      5f1cf87f8fd278f18ca459a5a4560ed8b73687e345d7c3aef0f09d0abc7ab7353d4f74325d70954a2c85e15ab3124cbe6fa85c8d282973bb47c7f46534cad574

    • SSDEEP

      1536:w/AqE2vGa0veJ8obS5ahHwvrW2+Hjr2m7Z93HRQ8DbEyRCRRRoR4Rkm:cPvGOJ3bS5ayvrnwjBjeaEy032yam

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks