Overview

overview

10

Static

static

3

31b217bfd4...29.exe

windows7-x64

10

31b217bfd4...29.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31b217bfd4a957bc7bdcc035928ace1f0d3284108539c8ed1c6286483791c129.exe

  • Size

    71KB

  • Sample

    241222-q223dazpfz

  • MD5

    a867e35b55961e7b2ba35c898a8bc12d

  • SHA1

    2935d8f7fe32e9de908119da807394f212b3c8d1

  • SHA256

    31b217bfd4a957bc7bdcc035928ace1f0d3284108539c8ed1c6286483791c129

  • SHA512

    282b687174f24de31166976f34c88fd88adfe7adec0b045d756dc1e35c1c48a9e8429ea7be3fd6c1186360b59b141c49e746989216eec3c90fa861268ace8b17

  • SSDEEP

    1536:TlruM4sylcSVDysqeEkTjKPfzPeYFeRQZK1P+ATTL:cMQDyHuj+zPe7eIP+A3L

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      31b217bfd4a957bc7bdcc035928ace1f0d3284108539c8ed1c6286483791c129.exe

    • Size

      71KB

    • MD5

      a867e35b55961e7b2ba35c898a8bc12d

    • SHA1

      2935d8f7fe32e9de908119da807394f212b3c8d1

    • SHA256

      31b217bfd4a957bc7bdcc035928ace1f0d3284108539c8ed1c6286483791c129

    • SHA512

      282b687174f24de31166976f34c88fd88adfe7adec0b045d756dc1e35c1c48a9e8429ea7be3fd6c1186360b59b141c49e746989216eec3c90fa861268ace8b17

    • SSDEEP

      1536:TlruM4sylcSVDysqeEkTjKPfzPeYFeRQZK1P+ATTL:cMQDyHuj+zPe7eIP+A3L

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks