Overview

overview

10

Static

static

3

9d7d063234...eN.exe

windows7-x64

10

9d7d063234...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9d7d063234a8b73f650bc046c4e15309ad908d90d41c0c427865d1b5afb3a41eN.exe

  • Size

    482KB

  • Sample

    241208-fq7hlstqg1

  • MD5

    dc817c68c534237d4c55474b71038fe0

  • SHA1

    99881f5f446e9c97364fbb1db6c8eb1605b864c6

  • SHA256

    9d7d063234a8b73f650bc046c4e15309ad908d90d41c0c427865d1b5afb3a41e

  • SHA512

    71828953a3eba8f6b1ac7b81b97d28cbc80d9cbb55e18c65018b4fa4289ec6cf0165ae2ca5bbbdefab6064ebc7c99fd1fc6199350d14176668fbcce848f796fb

  • SSDEEP

    6144:OUw5m1xlt1hLl+wGXAF2PbgKLVGFM6234lKm3mo8Yvi4KsLTFM6234lKm3:jnLMwGXAF5KLVGFB24lwR45FB24l

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9d7d063234a8b73f650bc046c4e15309ad908d90d41c0c427865d1b5afb3a41eN.exe

    • Size

      482KB

    • MD5

      dc817c68c534237d4c55474b71038fe0

    • SHA1

      99881f5f446e9c97364fbb1db6c8eb1605b864c6

    • SHA256

      9d7d063234a8b73f650bc046c4e15309ad908d90d41c0c427865d1b5afb3a41e

    • SHA512

      71828953a3eba8f6b1ac7b81b97d28cbc80d9cbb55e18c65018b4fa4289ec6cf0165ae2ca5bbbdefab6064ebc7c99fd1fc6199350d14176668fbcce848f796fb

    • SSDEEP

      6144:OUw5m1xlt1hLl+wGXAF2PbgKLVGFM6234lKm3mo8Yvi4KsLTFM6234lKm3:jnLMwGXAF5KLVGFB24lwR45FB24l

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks