Overview

overview

10

Static

static

3

bba003deef...62.exe

windows7-x64

10

bba003deef...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bba003deefaf05a86c31a06933fdb361ca554a14c2213b98f7a919ae48b95062

  • Size

    87KB

  • Sample

    241209-c3m3ystjgl

  • MD5

    fc87408c63fc60fd677a18bd99d14718

  • SHA1

    d57b4bfcf35bc8f2a7283381eba5aba245720e41

  • SHA256

    bba003deefaf05a86c31a06933fdb361ca554a14c2213b98f7a919ae48b95062

  • SHA512

    a594745fd59f6ce4ed080d41b255c430bb25a53d699c2fd0c4f3b6a0fad25f5fa572133e0887eabaaf484bb5f6c3894190c6906e08ea7cb26e127d4a1a497106

  • SSDEEP

    1536:OLket0z1vYVhcJHbR9Z8qHkK0rofc6epV6Wcoiet7bKR7njTcRQ48RSRBDNrR0Rw:OL6zdmRqHcMfc3Rcat7b0fcedAnDlmb+

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      bba003deefaf05a86c31a06933fdb361ca554a14c2213b98f7a919ae48b95062

    • Size

      87KB

    • MD5

      fc87408c63fc60fd677a18bd99d14718

    • SHA1

      d57b4bfcf35bc8f2a7283381eba5aba245720e41

    • SHA256

      bba003deefaf05a86c31a06933fdb361ca554a14c2213b98f7a919ae48b95062

    • SHA512

      a594745fd59f6ce4ed080d41b255c430bb25a53d699c2fd0c4f3b6a0fad25f5fa572133e0887eabaaf484bb5f6c3894190c6906e08ea7cb26e127d4a1a497106

    • SSDEEP

      1536:OLket0z1vYVhcJHbR9Z8qHkK0rofc6epV6Wcoiet7bKR7njTcRQ48RSRBDNrR0Rw:OL6zdmRqHcMfc3Rcat7b0fcedAnDlmb+

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks