Overview

overview

10

Static

static

3

e2961d9375...34.exe

windows7-x64

10

e2961d9375...34.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e2961d9375ca36d3cb232fb45cc160c4bb44b0bc26212582d2f3ae7d49776734

  • Size

    93KB

  • Sample

    241223-el5b1svrgz

  • MD5

    c5751bdf718ddc292f6f07d5ddc495aa

  • SHA1

    8fe9aefee1ae197bc5af4d7ffe0cfe08425bf06a

  • SHA256

    e2961d9375ca36d3cb232fb45cc160c4bb44b0bc26212582d2f3ae7d49776734

  • SHA512

    b83e5636a61e158a44e8d1e2059bf7d0be13e80f1c07c5f2e1b2c2ef7938b2b4821bcbcfdcd2d63c6d751cada78e71e849809ef95921f5ddb3610c2056e6d4d6

  • SSDEEP

    1536:i2Ay/wm1V1u1f1Z0v6MPV9M2y+hFj0MTTXfyuX4sdViL2OWUSIgsRQoRkRLJzeL2:GsfnurWFV9pzfj0MTTvyuX4sXiL2LOeV

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e2961d9375ca36d3cb232fb45cc160c4bb44b0bc26212582d2f3ae7d49776734

    • Size

      93KB

    • MD5

      c5751bdf718ddc292f6f07d5ddc495aa

    • SHA1

      8fe9aefee1ae197bc5af4d7ffe0cfe08425bf06a

    • SHA256

      e2961d9375ca36d3cb232fb45cc160c4bb44b0bc26212582d2f3ae7d49776734

    • SHA512

      b83e5636a61e158a44e8d1e2059bf7d0be13e80f1c07c5f2e1b2c2ef7938b2b4821bcbcfdcd2d63c6d751cada78e71e849809ef95921f5ddb3610c2056e6d4d6

    • SSDEEP

      1536:i2Ay/wm1V1u1f1Z0v6MPV9M2y+hFj0MTTXfyuX4sdViL2OWUSIgsRQoRkRLJzeL2:GsfnurWFV9pzfj0MTTvyuX4sXiL2LOeV

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks