Overview

overview

10

Static

static

3

fef7de3d6f...be.exe

windows7-x64

10

fef7de3d6f...be.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fef7de3d6ffdeaf0296d7860f84397231e257bf6e36ee54ecc3011d6f8ba83be

  • Size

    482KB

  • Sample

    241208-fj7vssynfq

  • MD5

    c9279da296b8041ca05a6d211dcd1714

  • SHA1

    1ae1d50918bed6f5607184e638e15e24cb94e4ec

  • SHA256

    fef7de3d6ffdeaf0296d7860f84397231e257bf6e36ee54ecc3011d6f8ba83be

  • SHA512

    e27e16560c65364d2c698f449e19c6253433a7c5994badd6500a086fcf8c1edf7cb92de0ba1348a19f9b96b20bb16e2f490b572393f7254f8b0bc0246943320b

  • SSDEEP

    12288:LQHOxLyLMwGXAF5KLVGFB24lwR45FB24l:LTxLyLZkO5KLVuPLP

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      fef7de3d6ffdeaf0296d7860f84397231e257bf6e36ee54ecc3011d6f8ba83be

    • Size

      482KB

    • MD5

      c9279da296b8041ca05a6d211dcd1714

    • SHA1

      1ae1d50918bed6f5607184e638e15e24cb94e4ec

    • SHA256

      fef7de3d6ffdeaf0296d7860f84397231e257bf6e36ee54ecc3011d6f8ba83be

    • SHA512

      e27e16560c65364d2c698f449e19c6253433a7c5994badd6500a086fcf8c1edf7cb92de0ba1348a19f9b96b20bb16e2f490b572393f7254f8b0bc0246943320b

    • SSDEEP

      12288:LQHOxLyLMwGXAF5KLVGFB24lwR45FB24l:LTxLyLZkO5KLVuPLP

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks