Overview

overview

10

Static

static

3

4d2cf51884...19.exe

windows7-x64

10

4d2cf51884...19.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d2cf51884082189d825220385b77f746e35c9a470a460fe013af19cb6093b19

  • Size

    96KB

  • Sample

    241224-1t4w4symfn

  • MD5

    de558d23228d655930e0ffe0a2879ed8

  • SHA1

    58a063ca2dcbf19763b2f6e8a687a46b7510c2c8

  • SHA256

    4d2cf51884082189d825220385b77f746e35c9a470a460fe013af19cb6093b19

  • SHA512

    4b0038a7e042497c3c53bae1076991026854572c6814731e4d952e29c3a3707917a278efda7991edad5dc204b14c31ec10a62c83644b1d6b2e95a7fb752488a2

  • SSDEEP

    1536:3eV6c/pDaMQH/ZoU2+kD7SS2yz7/wHsgALylJGRQ+gR5R45WtqV9R2R462izMg3W:o3/M1/eLX2yz7YHyy2e+gHrtG9MW3+3W

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4d2cf51884082189d825220385b77f746e35c9a470a460fe013af19cb6093b19

    • Size

      96KB

    • MD5

      de558d23228d655930e0ffe0a2879ed8

    • SHA1

      58a063ca2dcbf19763b2f6e8a687a46b7510c2c8

    • SHA256

      4d2cf51884082189d825220385b77f746e35c9a470a460fe013af19cb6093b19

    • SHA512

      4b0038a7e042497c3c53bae1076991026854572c6814731e4d952e29c3a3707917a278efda7991edad5dc204b14c31ec10a62c83644b1d6b2e95a7fb752488a2

    • SSDEEP

      1536:3eV6c/pDaMQH/ZoU2+kD7SS2yz7/wHsgALylJGRQ+gR5R45WtqV9R2R462izMg3W:o3/M1/eLX2yz7YHyy2e+gHrtG9MW3+3W

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks