Overview

overview

10

Static

static

10

181459607f...c4.exe

windows7-x64

10

181459607f...c4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    181459607f1ac159cb5a942b3f6fc7382e915650eb0b4f6c4e8e3f0645ff75c4.exe

  • Size

    384KB

  • Sample

    241222-g6kt8axnhn

  • MD5

    cab1fe7df1cac322fb7ef0f7cef1b03e

  • SHA1

    b79adc711f47b9cdf11d1e759fdba1e1bf6a8c5a

  • SHA256

    181459607f1ac159cb5a942b3f6fc7382e915650eb0b4f6c4e8e3f0645ff75c4

  • SHA512

    3a3957c5a0602a08f1f67cb6e0d307124e149a52d20be31482006571515b7360feceb38e4f7ce9fe77bd67f7e6ce8bf3027761f8178a4b754d87a6c374957ebc

  • SSDEEP

    6144:m46YrpzhvTsi48a8SeNpgdyuH1lZfRo0V8JcgE+ezpg1m:m46YNzhT+87g7/VycgE8m

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      181459607f1ac159cb5a942b3f6fc7382e915650eb0b4f6c4e8e3f0645ff75c4.exe

    • Size

      384KB

    • MD5

      cab1fe7df1cac322fb7ef0f7cef1b03e

    • SHA1

      b79adc711f47b9cdf11d1e759fdba1e1bf6a8c5a

    • SHA256

      181459607f1ac159cb5a942b3f6fc7382e915650eb0b4f6c4e8e3f0645ff75c4

    • SHA512

      3a3957c5a0602a08f1f67cb6e0d307124e149a52d20be31482006571515b7360feceb38e4f7ce9fe77bd67f7e6ce8bf3027761f8178a4b754d87a6c374957ebc

    • SSDEEP

      6144:m46YrpzhvTsi48a8SeNpgdyuH1lZfRo0V8JcgE+ezpg1m:m46YNzhT+87g7/VycgE8m

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks