Overview

overview

10

Static

static

3

f63bcc2de0...4N.exe

windows7-x64

10

f63bcc2de0...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f63bcc2de0ec85ba036e91e929ba85d9894b765649d2f847f209068a866e8294N.exe

  • Size

    482KB

  • Sample

    241208-fdfjcstkgv

  • MD5

    3b810bbc2e4221a5a8e7fb309761a660

  • SHA1

    9202bb2b9d938348ae682608393c3b13e2d3756f

  • SHA256

    f63bcc2de0ec85ba036e91e929ba85d9894b765649d2f847f209068a866e8294

  • SHA512

    6a7f1f90617c871c8054431b467f39afc8aab6d92cf25aac8693a3d2de6fe4ef67aa4417c326430b84046021d9d93e782342ffa88c8b2aad71d6b9e5d7d211da

  • SSDEEP

    12288:cPHWKwLMwGXAF5KLVGFB24lwR45FB24l:ewLZkO5KLVuPLP

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f63bcc2de0ec85ba036e91e929ba85d9894b765649d2f847f209068a866e8294N.exe

    • Size

      482KB

    • MD5

      3b810bbc2e4221a5a8e7fb309761a660

    • SHA1

      9202bb2b9d938348ae682608393c3b13e2d3756f

    • SHA256

      f63bcc2de0ec85ba036e91e929ba85d9894b765649d2f847f209068a866e8294

    • SHA512

      6a7f1f90617c871c8054431b467f39afc8aab6d92cf25aac8693a3d2de6fe4ef67aa4417c326430b84046021d9d93e782342ffa88c8b2aad71d6b9e5d7d211da

    • SSDEEP

      12288:cPHWKwLMwGXAF5KLVGFB24lwR45FB24l:ewLZkO5KLVuPLP

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks