Overview

overview

10

Static

static

3

397d6ba17e...c8.exe

windows7-x64

10

397d6ba17e...c8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    397d6ba17e6cbe53f42580c65a7dc628d46da502fc52b39122e6d1a854e746c8

  • Size

    256KB

  • Sample

    241222-1bc1nszkaw

  • MD5

    dfde424aef3e9a8ef11c0510034f28e3

  • SHA1

    d30ab04ad6430d635dd406cbc2c4ac11a77567f7

  • SHA256

    397d6ba17e6cbe53f42580c65a7dc628d46da502fc52b39122e6d1a854e746c8

  • SHA512

    7c7833e74efd1ca443168de3f3a1d92f53ff22a204160b3492b375f01374a761b3195493e80826ce588b92b96f5a04945aa359f9b771ee32e7ad17471e799286

  • SSDEEP

    6144:qyIu+NqPmvkbJtNxunXe8yhrtMsQBvli+RQFdp:qyIu65YvAO8qRMsrOQFn

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      397d6ba17e6cbe53f42580c65a7dc628d46da502fc52b39122e6d1a854e746c8

    • Size

      256KB

    • MD5

      dfde424aef3e9a8ef11c0510034f28e3

    • SHA1

      d30ab04ad6430d635dd406cbc2c4ac11a77567f7

    • SHA256

      397d6ba17e6cbe53f42580c65a7dc628d46da502fc52b39122e6d1a854e746c8

    • SHA512

      7c7833e74efd1ca443168de3f3a1d92f53ff22a204160b3492b375f01374a761b3195493e80826ce588b92b96f5a04945aa359f9b771ee32e7ad17471e799286

    • SSDEEP

      6144:qyIu+NqPmvkbJtNxunXe8yhrtMsQBvli+RQFdp:qyIu65YvAO8qRMsrOQFn

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks