Overview

overview

10

Static

static

3

d0459c38ea...29.exe

windows7-x64

10

d0459c38ea...29.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0459c38ead006fb46f16fc6e5d0e682b395d9547f8d1a8bffefe921c6784029

  • Size

    71KB

  • Sample

    241208-dvwwkavmhk

  • MD5

    781f8dc328b5313f1019fa1a17661209

  • SHA1

    0163d10afb1bce1f2f24e609ee61bf90d042c399

  • SHA256

    d0459c38ead006fb46f16fc6e5d0e682b395d9547f8d1a8bffefe921c6784029

  • SHA512

    3417e18f4f0fef4e648f74feb392cc870a9b24a7e9b48b31fc5a5f77a1846d65e30019545cc8530072555fa26b263396d050934d9bc093986ab6bc10db63cf9e

  • SSDEEP

    1536:1iuAVo5qiPxycraq38zKVNl3usm3QfTLqGXxhGI5kuVXRQy+K1P+ATTL:guQonpPf8UK+fVxk2e0P+A3L

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d0459c38ead006fb46f16fc6e5d0e682b395d9547f8d1a8bffefe921c6784029

    • Size

      71KB

    • MD5

      781f8dc328b5313f1019fa1a17661209

    • SHA1

      0163d10afb1bce1f2f24e609ee61bf90d042c399

    • SHA256

      d0459c38ead006fb46f16fc6e5d0e682b395d9547f8d1a8bffefe921c6784029

    • SHA512

      3417e18f4f0fef4e648f74feb392cc870a9b24a7e9b48b31fc5a5f77a1846d65e30019545cc8530072555fa26b263396d050934d9bc093986ab6bc10db63cf9e

    • SSDEEP

      1536:1iuAVo5qiPxycraq38zKVNl3usm3QfTLqGXxhGI5kuVXRQy+K1P+ATTL:guQonpPf8UK+fVxk2e0P+A3L

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks