Overview

overview

10

Static

static

3

b2a322464a...3b.exe

windows7-x64

10

b2a322464a...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b2a322464ae3cc85810055effa0a62c4bed9641d0c7381e1a606bf4ddf6f303b

  • Size

    95KB

  • Sample

    241210-anxbzawrcx

  • MD5

    581a4ce3963db065116d1e82d66209c7

  • SHA1

    cd322d65b511eb86d7932353161cd07666611214

  • SHA256

    b2a322464ae3cc85810055effa0a62c4bed9641d0c7381e1a606bf4ddf6f303b

  • SHA512

    d2cee7fde5185c95fd3147cf5315a00b35b793e48c13a2f7cc723424ee568a6637674acfe3d06311296c155608ffb5c5aba56e4fd1afb3e3d460040f71b6631c

  • SSDEEP

    1536:toYm1/jU8zlynC0/iTrpQIAXOXzXHCkqRQrMnRVRoRch1dROrwpOudRirVtFsrTO:tk1jUElyC0/inSIA+XD3qegTWM1dQrTH

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b2a322464ae3cc85810055effa0a62c4bed9641d0c7381e1a606bf4ddf6f303b

    • Size

      95KB

    • MD5

      581a4ce3963db065116d1e82d66209c7

    • SHA1

      cd322d65b511eb86d7932353161cd07666611214

    • SHA256

      b2a322464ae3cc85810055effa0a62c4bed9641d0c7381e1a606bf4ddf6f303b

    • SHA512

      d2cee7fde5185c95fd3147cf5315a00b35b793e48c13a2f7cc723424ee568a6637674acfe3d06311296c155608ffb5c5aba56e4fd1afb3e3d460040f71b6631c

    • SSDEEP

      1536:toYm1/jU8zlynC0/iTrpQIAXOXzXHCkqRQrMnRVRoRch1dROrwpOudRirVtFsrTO:tk1jUElyC0/inSIA+XD3qegTWM1dQrTH

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks