Overview

overview

10

Static

static

3

eefb0806c6...eN.exe

windows7-x64

10

eefb0806c6...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eefb0806c66b69d45ae47f72a691bd3b95c20a2e48aeffd963a82467c82961aeN.exe

  • Size

    71KB

  • Sample

    241222-mfat8avldp

  • MD5

    d52537073d999d0548b36f2018b2b3a0

  • SHA1

    2150a09939b3742c3886cb4e78902fef5e080cc3

  • SHA256

    eefb0806c66b69d45ae47f72a691bd3b95c20a2e48aeffd963a82467c82961ae

  • SHA512

    074cff91efaecaf615da70b1ca2765fa39f2f742a4bf324174e667adeaeeb8599dedc76e69552fc66e4445b2b047d9f898174f985af12b8261410d6c328fe574

  • SSDEEP

    1536:u1Q8j9fjoskXYEncXRyfxMDhasbE31wRRQdvK1P+ATT5:WQ8BeIucXRyf+DlA3GeUP+A35

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      eefb0806c66b69d45ae47f72a691bd3b95c20a2e48aeffd963a82467c82961aeN.exe

    • Size

      71KB

    • MD5

      d52537073d999d0548b36f2018b2b3a0

    • SHA1

      2150a09939b3742c3886cb4e78902fef5e080cc3

    • SHA256

      eefb0806c66b69d45ae47f72a691bd3b95c20a2e48aeffd963a82467c82961ae

    • SHA512

      074cff91efaecaf615da70b1ca2765fa39f2f742a4bf324174e667adeaeeb8599dedc76e69552fc66e4445b2b047d9f898174f985af12b8261410d6c328fe574

    • SSDEEP

      1536:u1Q8j9fjoskXYEncXRyfxMDhasbE31wRRQdvK1P+ATT5:WQ8BeIucXRyf+DlA3GeUP+A35

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks