Overview

overview

10

Static

static

3

e963733bbf...df.exe

windows7-x64

10

e963733bbf...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e963733bbfc42edc94dc91c2640d8d2eba4535e61f7ee8328663f07a0bcffadf.exe

  • Size

    71KB

  • Sample

    241222-m9kxaawmdr

  • MD5

    539a9e33c2a56b91db7341e7a94ac852

  • SHA1

    954a9cef945f218ebb478e20ae0a42a8eb8f1060

  • SHA256

    e963733bbfc42edc94dc91c2640d8d2eba4535e61f7ee8328663f07a0bcffadf

  • SHA512

    6764e9336f2795037dedafcc900aae60a34766e4ad4c88a1af151a274133b061dfb7864ab4e1145239f44b2029a905844c1884d4704075d7aac5ba555b4902e0

  • SSDEEP

    1536:KwgV9nFFtw4I1jNL9bqO11GJ+RU8apmRQbDbEyRCRRRoR4RkG:Kd7n3K3dNt1FRU8apmeLEy032yaG

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e963733bbfc42edc94dc91c2640d8d2eba4535e61f7ee8328663f07a0bcffadf.exe

    • Size

      71KB

    • MD5

      539a9e33c2a56b91db7341e7a94ac852

    • SHA1

      954a9cef945f218ebb478e20ae0a42a8eb8f1060

    • SHA256

      e963733bbfc42edc94dc91c2640d8d2eba4535e61f7ee8328663f07a0bcffadf

    • SHA512

      6764e9336f2795037dedafcc900aae60a34766e4ad4c88a1af151a274133b061dfb7864ab4e1145239f44b2029a905844c1884d4704075d7aac5ba555b4902e0

    • SSDEEP

      1536:KwgV9nFFtw4I1jNL9bqO11GJ+RU8apmRQbDbEyRCRRRoR4RkG:Kd7n3K3dNt1FRU8apmeLEy032yaG

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks