Overview

overview

10

Static

static

3

abe20890a1...a7.exe

windows7-x64

10

abe20890a1...a7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abe20890a1f4bf076b7f4387d4e71859904893fed97efe29a42d45c656e9eba7.exe

  • Size

    74KB

  • Sample

    241210-gzsaqawlhz

  • MD5

    8fe9f7f867ce1e033dc2009712dd45b3

  • SHA1

    2a67a2171da30af123ec2b0aca28a512a910aabe

  • SHA256

    abe20890a1f4bf076b7f4387d4e71859904893fed97efe29a42d45c656e9eba7

  • SHA512

    7c802d0e65162187d797df3713c7b6fab3e0ab9073cb40f53b8b2b31684fd62986b436ff251068e3b1fdaa79026f5b18d676431a0af879bbc935ffd9114412a0

  • SSDEEP

    1536:uSJcXiadCK1F5y/vQ9K+1lg4KUQ6wamjRQ0RcRes3cO57OWX:uQcXZYZvQcb4KUQVje0W19X

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      abe20890a1f4bf076b7f4387d4e71859904893fed97efe29a42d45c656e9eba7.exe

    • Size

      74KB

    • MD5

      8fe9f7f867ce1e033dc2009712dd45b3

    • SHA1

      2a67a2171da30af123ec2b0aca28a512a910aabe

    • SHA256

      abe20890a1f4bf076b7f4387d4e71859904893fed97efe29a42d45c656e9eba7

    • SHA512

      7c802d0e65162187d797df3713c7b6fab3e0ab9073cb40f53b8b2b31684fd62986b436ff251068e3b1fdaa79026f5b18d676431a0af879bbc935ffd9114412a0

    • SSDEEP

      1536:uSJcXiadCK1F5y/vQ9K+1lg4KUQ6wamjRQ0RcRes3cO57OWX:uQcXZYZvQcb4KUQVje0W19X

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks