Overview

overview

10

Static

static

3

d75ee1d921...05.exe

windows7-x64

10

d75ee1d921...05.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d75ee1d921589045ca4cee90ab48f56b2783452b4dd84f8c2b8a78de589b8b05

  • Size

    93KB

  • Sample

    241208-d3547szqfz

  • MD5

    ce7d6b6cefa99af06cc1f411564ccc57

  • SHA1

    17fc57537c3f62d68f333bddb62849b8d0e98e59

  • SHA256

    d75ee1d921589045ca4cee90ab48f56b2783452b4dd84f8c2b8a78de589b8b05

  • SHA512

    ad5262b376d7a3cb4d7a715c04977f5d380cce53bb974ad6648c35205d0c46638456ace378029ffd3383dab976bb8a1b8c77fd223ca996b0582888d10708a254

  • SSDEEP

    1536:jGbwYmA75VL3TuR8Gq6fDpDT3BfDMJIL2hiZLZiwbk0ao7h9TsRQGRkRLJzeLD9U:jq3PgR5DflxSILrZLZvI0P4eGSJdEN0l

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d75ee1d921589045ca4cee90ab48f56b2783452b4dd84f8c2b8a78de589b8b05

    • Size

      93KB

    • MD5

      ce7d6b6cefa99af06cc1f411564ccc57

    • SHA1

      17fc57537c3f62d68f333bddb62849b8d0e98e59

    • SHA256

      d75ee1d921589045ca4cee90ab48f56b2783452b4dd84f8c2b8a78de589b8b05

    • SHA512

      ad5262b376d7a3cb4d7a715c04977f5d380cce53bb974ad6648c35205d0c46638456ace378029ffd3383dab976bb8a1b8c77fd223ca996b0582888d10708a254

    • SSDEEP

      1536:jGbwYmA75VL3TuR8Gq6fDpDT3BfDMJIL2hiZLZiwbk0ao7h9TsRQGRkRLJzeLD9U:jq3PgR5DflxSILrZLZvI0P4eGSJdEN0l

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks