Overview

overview

10

Static

static

3

b1da5f972b...fN.exe

windows7-x64

10

b1da5f972b...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1da5f972bc1286ee36509c35e0dd37c72316757df1a58ba8b1098bbcfa9c44fN.exe

  • Size

    67KB

  • Sample

    241208-akvnza1rfz

  • MD5

    eb7c77f68196402ee7b992967be4d030

  • SHA1

    e1343467bf1c87877b2b24a8ee2a83a36fd6f87d

  • SHA256

    b1da5f972bc1286ee36509c35e0dd37c72316757df1a58ba8b1098bbcfa9c44f

  • SHA512

    f182b422169e701c10b8106860a1e6faa2fa24b968d4b5cacc83ce508751599fa636ea282c2d5cf02dbc185534672005037ec8dbd545f43856d6b37130f0cb50

  • SSDEEP

    1536:5AqYCeniYVkJMNE5flyzvarV++B7ZM3YIXJe2VRQcR/Rj:1VPno+B7ZMoAJeIecVx

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b1da5f972bc1286ee36509c35e0dd37c72316757df1a58ba8b1098bbcfa9c44fN.exe

    • Size

      67KB

    • MD5

      eb7c77f68196402ee7b992967be4d030

    • SHA1

      e1343467bf1c87877b2b24a8ee2a83a36fd6f87d

    • SHA256

      b1da5f972bc1286ee36509c35e0dd37c72316757df1a58ba8b1098bbcfa9c44f

    • SHA512

      f182b422169e701c10b8106860a1e6faa2fa24b968d4b5cacc83ce508751599fa636ea282c2d5cf02dbc185534672005037ec8dbd545f43856d6b37130f0cb50

    • SSDEEP

      1536:5AqYCeniYVkJMNE5flyzvarV++B7ZM3YIXJe2VRQcR/Rj:1VPno+B7ZMoAJeIecVx

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks