Overview

overview

10

Static

static

10

ff37e61ebb...01.exe

windows7-x64

10

ff37e61ebb...01.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff37e61ebb3eb0a29279fa8d36dc3dba29b636d5c3dae52d63ccca0a500d0301.exe

  • Size

    249KB

  • Sample

    241222-j3912szqex

  • MD5

    f84a4262f2206a65ad504945202e6466

  • SHA1

    c77cbf8168408bd8280b1a05c3386b9b87844b6c

  • SHA256

    ff37e61ebb3eb0a29279fa8d36dc3dba29b636d5c3dae52d63ccca0a500d0301

  • SHA512

    5eed4931883b60a7933d69859345fbfe0b14014a5cf8ced1dd9003d05080d12dd931cebf44285d4b2aa88ec8102392340125773425885ee034e1c1f652193973

  • SSDEEP

    3072:DjX5IYIeb1gy9+HD58rIuuecUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2oS:DNvDxt+j52LEdGTBki5CYtI8TAokZd

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ff37e61ebb3eb0a29279fa8d36dc3dba29b636d5c3dae52d63ccca0a500d0301.exe

    • Size

      249KB

    • MD5

      f84a4262f2206a65ad504945202e6466

    • SHA1

      c77cbf8168408bd8280b1a05c3386b9b87844b6c

    • SHA256

      ff37e61ebb3eb0a29279fa8d36dc3dba29b636d5c3dae52d63ccca0a500d0301

    • SHA512

      5eed4931883b60a7933d69859345fbfe0b14014a5cf8ced1dd9003d05080d12dd931cebf44285d4b2aa88ec8102392340125773425885ee034e1c1f652193973

    • SSDEEP

      3072:DjX5IYIeb1gy9+HD58rIuuecUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2oS:DNvDxt+j52LEdGTBki5CYtI8TAokZd

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks