Overview

overview

10

Static

static

3

483ec050ef...d2.exe

windows7-x64

10

483ec050ef...d2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    483ec050ef6ea269793f5d5eead6cf93ebb58747f438e5f4b7c609f6521339d2

  • Size

    482KB

  • Sample

    241224-1nf8vsyjfz

  • MD5

    a60bdb9c4d33c24a43b46b379de1c135

  • SHA1

    a04e8444b2ece1cb2056f8710b7908f32b44257d

  • SHA256

    483ec050ef6ea269793f5d5eead6cf93ebb58747f438e5f4b7c609f6521339d2

  • SHA512

    2229f093982e6b1f4a112f4a35a911f4de7b9ccdfd7b7ec0595056aaa9e611daa03172d2a8dba399c07d3c75d72dbdcf02e4021a611a3c1f66f1dfd6b8805948

  • SSDEEP

    6144:WB6K/VYQJLl+wGXAF2PbgKLVGFM6234lKm3mo8Yvi4KsLTFM6234lKm3y:A/VZLMwGXAF5KLVGFB24lwR45FB24lg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      483ec050ef6ea269793f5d5eead6cf93ebb58747f438e5f4b7c609f6521339d2

    • Size

      482KB

    • MD5

      a60bdb9c4d33c24a43b46b379de1c135

    • SHA1

      a04e8444b2ece1cb2056f8710b7908f32b44257d

    • SHA256

      483ec050ef6ea269793f5d5eead6cf93ebb58747f438e5f4b7c609f6521339d2

    • SHA512

      2229f093982e6b1f4a112f4a35a911f4de7b9ccdfd7b7ec0595056aaa9e611daa03172d2a8dba399c07d3c75d72dbdcf02e4021a611a3c1f66f1dfd6b8805948

    • SSDEEP

      6144:WB6K/VYQJLl+wGXAF2PbgKLVGFM6234lKm3mo8Yvi4KsLTFM6234lKm3y:A/VZLMwGXAF5KLVGFB24lwR45FB24lg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks