Overview

overview

10

Static

static

3

e480e20baa...1f.exe

windows7-x64

10

e480e20baa...1f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e480e20baa8c729e693bb155f33e47ef58fcf8724360b0a539549bc605e3261f

  • Size

    71KB

  • Sample

    241210-b8xnxayrby

  • MD5

    c6573c141663f467321f95393c5d134a

  • SHA1

    9f26f917db53c3db195a3da694a001ddd77738c4

  • SHA256

    e480e20baa8c729e693bb155f33e47ef58fcf8724360b0a539549bc605e3261f

  • SHA512

    c0faa6005297d32f4f2b37eb32238dfc7b4a85e04a57531ed8ef05fe63615fad9a0d14cc30e84f03e7a263ea72fb0569dbd6a4325732ff2a7ce6bd9a201d8fa7

  • SSDEEP

    1536:sS/QtzdKm/hAUn5TTYfH3u93TJnjMoJRQUK1P+ATTr:sU4cOtpTYfoenP+A3r

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e480e20baa8c729e693bb155f33e47ef58fcf8724360b0a539549bc605e3261f

    • Size

      71KB

    • MD5

      c6573c141663f467321f95393c5d134a

    • SHA1

      9f26f917db53c3db195a3da694a001ddd77738c4

    • SHA256

      e480e20baa8c729e693bb155f33e47ef58fcf8724360b0a539549bc605e3261f

    • SHA512

      c0faa6005297d32f4f2b37eb32238dfc7b4a85e04a57531ed8ef05fe63615fad9a0d14cc30e84f03e7a263ea72fb0569dbd6a4325732ff2a7ce6bd9a201d8fa7

    • SSDEEP

      1536:sS/QtzdKm/hAUn5TTYfH3u93TJnjMoJRQUK1P+ATTr:sU4cOtpTYfoenP+A3r

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks