Overview

overview

10

Static

static

3

1016d75d4a...24.exe

windows7-x64

10

1016d75d4a...24.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1016d75d4a23481139702c95536fabe6cb1fcbd9c751f303c06d5a68c1159124.exe

  • Size

    71KB

  • Sample

    241210-gxb6qawkht

  • MD5

    1bcfec1851a2c66f4289c6ad95172ac7

  • SHA1

    22d5705f2c9cd5dee0538fb69c91dc8807d7124e

  • SHA256

    1016d75d4a23481139702c95536fabe6cb1fcbd9c751f303c06d5a68c1159124

  • SHA512

    20b459a34cc98461bc9104b2c88e4d5d2630aa4f93791b6b265f8f0b6c4f3b86f9c5341c657011d76024961801601039f08666cb31f78e87a75c49d391230d12

  • SSDEEP

    1536:DM8q8YAY+lX3C/9BAmd6AwtVPQ+YUuRDMH7jRQyDbEyRCRRRoR4Rkm:Q8TZY+JOBAQCt1rrjesEy032yam

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1016d75d4a23481139702c95536fabe6cb1fcbd9c751f303c06d5a68c1159124.exe

    • Size

      71KB

    • MD5

      1bcfec1851a2c66f4289c6ad95172ac7

    • SHA1

      22d5705f2c9cd5dee0538fb69c91dc8807d7124e

    • SHA256

      1016d75d4a23481139702c95536fabe6cb1fcbd9c751f303c06d5a68c1159124

    • SHA512

      20b459a34cc98461bc9104b2c88e4d5d2630aa4f93791b6b265f8f0b6c4f3b86f9c5341c657011d76024961801601039f08666cb31f78e87a75c49d391230d12

    • SSDEEP

      1536:DM8q8YAY+lX3C/9BAmd6AwtVPQ+YUuRDMH7jRQyDbEyRCRRRoR4Rkm:Q8TZY+JOBAQCt1rrjesEy032yam

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks