Overview

overview

10

Static

static

3

d026da12d1...af.exe

windows7-x64

10

d026da12d1...af.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d026da12d15fa370ef8e685b50d2d3e04853206185931b559ce09770d1fc64af

  • Size

    322KB

  • Sample

    241208-dvk43avmgq

  • MD5

    a24c398a4acb64958373eb056a7265f4

  • SHA1

    bcd8986ba3b6f2888730fdc56309c5ebbe43f3d7

  • SHA256

    d026da12d15fa370ef8e685b50d2d3e04853206185931b559ce09770d1fc64af

  • SHA512

    9e42d9ce3ebd9ef2e8dc37806ac3582546e75af01d5e29cb12f2d6c06e09958f35e5024c50996c4e14ef5cfc9d04aa41ba945591f0068be18a5a9851b31e0a97

  • SSDEEP

    3072:VmWf05AHN7bG3mIoxJQMPKpna9PeQSVGZ3Odl:U5AHZbBIoxjPGpkO

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d026da12d15fa370ef8e685b50d2d3e04853206185931b559ce09770d1fc64af

    • Size

      322KB

    • MD5

      a24c398a4acb64958373eb056a7265f4

    • SHA1

      bcd8986ba3b6f2888730fdc56309c5ebbe43f3d7

    • SHA256

      d026da12d15fa370ef8e685b50d2d3e04853206185931b559ce09770d1fc64af

    • SHA512

      9e42d9ce3ebd9ef2e8dc37806ac3582546e75af01d5e29cb12f2d6c06e09958f35e5024c50996c4e14ef5cfc9d04aa41ba945591f0068be18a5a9851b31e0a97

    • SSDEEP

      3072:VmWf05AHN7bG3mIoxJQMPKpna9PeQSVGZ3Odl:U5AHZbBIoxjPGpkO

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks