Overview

overview

10

Static

static

3

45981cd147...19.exe

windows7-x64

10

45981cd147...19.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45981cd147d7ed708310ed14374195106bc59ec646313354eee81145129f8d19

  • Size

    94KB

  • Sample

    241224-1kbh7sykcp

  • MD5

    f45c9da42d0dcf16c9ddbe17639375d3

  • SHA1

    ca9ead053ac25d4c425babc7ca76d95f20e0c34f

  • SHA256

    45981cd147d7ed708310ed14374195106bc59ec646313354eee81145129f8d19

  • SHA512

    05b109ab3b88362fb6c62014671196bea081e20e9ddf00b095910c1e8d875f360cc12c92820a1ce2596f5159f252ead9b8664d0ff6d664ddc01c6f0b14657048

  • SSDEEP

    1536:pvWZv1FiTVDylwpXo8mY4aDu8rtI8+zxV3Nsa6EmtRQDiRfRa9HprmRfRZ:cv1wDep8oaXraqhteDi5wkpv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      45981cd147d7ed708310ed14374195106bc59ec646313354eee81145129f8d19

    • Size

      94KB

    • MD5

      f45c9da42d0dcf16c9ddbe17639375d3

    • SHA1

      ca9ead053ac25d4c425babc7ca76d95f20e0c34f

    • SHA256

      45981cd147d7ed708310ed14374195106bc59ec646313354eee81145129f8d19

    • SHA512

      05b109ab3b88362fb6c62014671196bea081e20e9ddf00b095910c1e8d875f360cc12c92820a1ce2596f5159f252ead9b8664d0ff6d664ddc01c6f0b14657048

    • SSDEEP

      1536:pvWZv1FiTVDylwpXo8mY4aDu8rtI8+zxV3Nsa6EmtRQDiRfRa9HprmRfRZ:cv1wDep8oaXraqhteDi5wkpv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks