Extracted

• • Target

    8c7db4a2a033fd71a7e3bfb2a903d49f6a9f7f56e5fcb5c76c623c200e687945

  • Size

    84KB

  • MD5

    44e0a0e401e8680a6d89ffb3a94be9d8

  • SHA1

    f8e93af13e8bdc149ac13a4c4e80306b876ad139

  • SHA256

    8c7db4a2a033fd71a7e3bfb2a903d49f6a9f7f56e5fcb5c76c623c200e687945

  • SHA512

    98c2cd24a325ce5477237b12e40ea8037f88d677dbd0eec23f49da1ac43b02eeb203b271c4f7f8ae4f80943be6c77210e4813f89d5cff0b98ccc851e52efdc73

  • SSDEEP

    1536:rJ2SuLiu/utkdn1c6UlwfB9+D02XSREXHfVPfMVwNKT1iqWUPGc4T7VL3:r46uGv6UlwZUD3CREXdXNKT1ntPG9pb

  Score

  10^/10

  berbewbackdoordiscoverypersistence

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Berbew

    Berbew is a backdoor written in C++.

    backdoorberbew

  • Berbew family

    berbew

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2