Overview

overview

10

Static

static

3

cce479f6fe...1N.exe

windows7-x64

10

cce479f6fe...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cce479f6fe2ce1dd3dc463697fe9db15dcb0d2a4d79f3e490165f26fa6ab3eb1N.exe

  • Size

    72KB

  • Sample

    241222-nx5llaxlbr

  • MD5

    81d345fd7a60c6cbb963eab300ebbcb0

  • SHA1

    fa7c4d2014ea66166426708eb5095f76cbbce08e

  • SHA256

    cce479f6fe2ce1dd3dc463697fe9db15dcb0d2a4d79f3e490165f26fa6ab3eb1

  • SHA512

    5722ac31372ae0d4b68cddfc0d8d3d469578bb48f687950010b593beb7cfd2d7338facded89aee5b344b0bce7be84eec8f556497e83f52ce788c5390bee1d9c8

  • SSDEEP

    1536:kzbOrWvO7yTXQsnJyQ+RYk86lP/21BRQT0DbEyRCRRRoR4Rk4:kTxTRnJyQ+RYk8J1BeTyEy032ya4

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      cce479f6fe2ce1dd3dc463697fe9db15dcb0d2a4d79f3e490165f26fa6ab3eb1N.exe

    • Size

      72KB

    • MD5

      81d345fd7a60c6cbb963eab300ebbcb0

    • SHA1

      fa7c4d2014ea66166426708eb5095f76cbbce08e

    • SHA256

      cce479f6fe2ce1dd3dc463697fe9db15dcb0d2a4d79f3e490165f26fa6ab3eb1

    • SHA512

      5722ac31372ae0d4b68cddfc0d8d3d469578bb48f687950010b593beb7cfd2d7338facded89aee5b344b0bce7be84eec8f556497e83f52ce788c5390bee1d9c8

    • SSDEEP

      1536:kzbOrWvO7yTXQsnJyQ+RYk86lP/21BRQT0DbEyRCRRRoR4Rk4:kTxTRnJyQ+RYk8J1BeTyEy032ya4

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks