Overview

overview

10

Static

static

10

aa8399ff20...2d.exe

windows7-x64

10

aa8399ff20...2d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa8399ff2028d484e46f2e08623c4ea96f67c73d58ec8a5633c3c08913a29a2d

  • Size

    407KB

  • Sample

    241209-cegw2axpax

  • MD5

    297a4221087fbf80a405111245472846

  • SHA1

    01db18b8e7c422d195503c3a544d4d78a0c5a1d4

  • SHA256

    aa8399ff2028d484e46f2e08623c4ea96f67c73d58ec8a5633c3c08913a29a2d

  • SHA512

    7d626d34a77299037447c47f6a9572b1392742b571cfd485b25056588b0b5c7301e79c4c26c2d95e3f13ae6face5fa4731144590a20470390ec3407b108cc53f

  • SSDEEP

    12288:VxZGvd95pV6yYP3pV6yYPg058KpV6yYPS:Vs95W3WleKWS

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      aa8399ff2028d484e46f2e08623c4ea96f67c73d58ec8a5633c3c08913a29a2d

    • Size

      407KB

    • MD5

      297a4221087fbf80a405111245472846

    • SHA1

      01db18b8e7c422d195503c3a544d4d78a0c5a1d4

    • SHA256

      aa8399ff2028d484e46f2e08623c4ea96f67c73d58ec8a5633c3c08913a29a2d

    • SHA512

      7d626d34a77299037447c47f6a9572b1392742b571cfd485b25056588b0b5c7301e79c4c26c2d95e3f13ae6face5fa4731144590a20470390ec3407b108cc53f

    • SSDEEP

      12288:VxZGvd95pV6yYP3pV6yYPg058KpV6yYPS:Vs95W3WleKWS

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks