Overview

overview

10

Static

static

10

ea114a345d...eb.exe

windows7-x64

10

ea114a345d...eb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea114a345d6eb2800bc5da6646aaed1a4d6d064c714fd5f84711af358e8737eb

  • Size

    104KB

  • Sample

    241210-cfz41avkhl

  • MD5

    fa0394279d77fd5048b0ba74066d7798

  • SHA1

    ef0666df2c61b35874f905d569676ae63c05d1a8

  • SHA256

    ea114a345d6eb2800bc5da6646aaed1a4d6d064c714fd5f84711af358e8737eb

  • SHA512

    5a3622b988bc7bfe7c2b19dc17cd66dfba71ddb82f4f7e6ed347be02b3e2d7cbd2143ccba12325dc1bff25354ef7785ec48bcb85f421bf5d8948cda0ce8209f3

  • SSDEEP

    3072:QR3DatSTLsIXSWB+ZnU1Gte54x7cEGrhkngpDvchkqbAIQS:QRTatSESlUZnU354x4brq2Ahn

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ea114a345d6eb2800bc5da6646aaed1a4d6d064c714fd5f84711af358e8737eb

    • Size

      104KB

    • MD5

      fa0394279d77fd5048b0ba74066d7798

    • SHA1

      ef0666df2c61b35874f905d569676ae63c05d1a8

    • SHA256

      ea114a345d6eb2800bc5da6646aaed1a4d6d064c714fd5f84711af358e8737eb

    • SHA512

      5a3622b988bc7bfe7c2b19dc17cd66dfba71ddb82f4f7e6ed347be02b3e2d7cbd2143ccba12325dc1bff25354ef7785ec48bcb85f421bf5d8948cda0ce8209f3

    • SSDEEP

      3072:QR3DatSTLsIXSWB+ZnU1Gte54x7cEGrhkngpDvchkqbAIQS:QRTatSESlUZnU354x4brq2Ahn

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks