Overview

overview

10

Static

static

10

3591728944...ed.exe

windows7-x64

10

3591728944...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3591728944bdf0af19c3bc92d34d13afd8790fcf9f37a84a9ec1c570b4654ced.exe

  • Size

    464KB

  • Sample

    241209-qe876sykft

  • MD5

    f6c4cc9f68f101ab62790af0af43a2cb

  • SHA1

    f89929bfa0128da49c382723ac16ff1b6e097e07

  • SHA256

    3591728944bdf0af19c3bc92d34d13afd8790fcf9f37a84a9ec1c570b4654ced

  • SHA512

    ebf953701fded1c0e61f7362ca9e81c8b2aa28ebdcd7c0e2fdc7f54c6601b58fdce0e309ef0f07ae597a29dbc8dc506a5b8dbe10ce1730e66875b72d83c39677

  • SSDEEP

    6144:/2d8UawMvEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC4:OCEVI2C4EVu2JEVcBEVI2C4

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3591728944bdf0af19c3bc92d34d13afd8790fcf9f37a84a9ec1c570b4654ced.exe

    • Size

      464KB

    • MD5

      f6c4cc9f68f101ab62790af0af43a2cb

    • SHA1

      f89929bfa0128da49c382723ac16ff1b6e097e07

    • SHA256

      3591728944bdf0af19c3bc92d34d13afd8790fcf9f37a84a9ec1c570b4654ced

    • SHA512

      ebf953701fded1c0e61f7362ca9e81c8b2aa28ebdcd7c0e2fdc7f54c6601b58fdce0e309ef0f07ae597a29dbc8dc506a5b8dbe10ce1730e66875b72d83c39677

    • SSDEEP

      6144:/2d8UawMvEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC4:OCEVI2C4EVu2JEVcBEVI2C4

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks