Overview

overview

10

Static

static

10

da8f24e9e1...5N.exe

windows7-x64

10

da8f24e9e1...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    da8f24e9e129da76ceed2c6d225fd29911daea2195737d606f54e7db0de3e565N.exe

  • Size

    322KB

  • Sample

    241222-ks8wnsskck

  • MD5

    b168c07cd79cd21b7e38f75303efcb80

  • SHA1

    1d299393d26a244a36bead2a21a4ca50efa6eaf2

  • SHA256

    da8f24e9e129da76ceed2c6d225fd29911daea2195737d606f54e7db0de3e565

  • SHA512

    d0958424b536f4736654c48ad3320ff03dd52a96ed7de7d4c071edd73cbea8c8b01191593e30bfb8edd95fa9d30fbf754452475589a3006ccc54df2a39f912e5

  • SSDEEP

    3072:D7GCKTUcqjBqi+fx+kjZkpeKSVGZ3Odl:qy8nXkO

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      da8f24e9e129da76ceed2c6d225fd29911daea2195737d606f54e7db0de3e565N.exe

    • Size

      322KB

    • MD5

      b168c07cd79cd21b7e38f75303efcb80

    • SHA1

      1d299393d26a244a36bead2a21a4ca50efa6eaf2

    • SHA256

      da8f24e9e129da76ceed2c6d225fd29911daea2195737d606f54e7db0de3e565

    • SHA512

      d0958424b536f4736654c48ad3320ff03dd52a96ed7de7d4c071edd73cbea8c8b01191593e30bfb8edd95fa9d30fbf754452475589a3006ccc54df2a39f912e5

    • SSDEEP

      3072:D7GCKTUcqjBqi+fx+kjZkpeKSVGZ3Odl:qy8nXkO

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks