Overview

overview

10

Static

static

3

4e0793f430...6a.exe

windows7-x64

10

4e0793f430...6a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e0793f430ca5c7264f727b56a454b892ead18fd201d7521e6cca879c6c9036a

  • Size

    87KB

  • Sample

    241224-1wd4gaylbz

  • MD5

    b059ace60f6aaabab1f2c437734a7882

  • SHA1

    706846691a8a1d96e8d9ec9ca2912e5fe6637a4e

  • SHA256

    4e0793f430ca5c7264f727b56a454b892ead18fd201d7521e6cca879c6c9036a

  • SHA512

    77f79a0b2a7c182da74043901d34d59399c84828950ed4af66514b09c63962b6251e8eb8481db7508324306c218347852b1a88c63eb458bf65ac42973ae489f4

  • SSDEEP

    1536:gyUtfgVBlxbUZ6KHDxDA3HumRB/RuE2/znRQ4URSRBDNrR0RVe7R6R8RPD2zT:RUtfAOTJAXxRm5/7eNAnDlmbGcGFDeT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4e0793f430ca5c7264f727b56a454b892ead18fd201d7521e6cca879c6c9036a

    • Size

      87KB

    • MD5

      b059ace60f6aaabab1f2c437734a7882

    • SHA1

      706846691a8a1d96e8d9ec9ca2912e5fe6637a4e

    • SHA256

      4e0793f430ca5c7264f727b56a454b892ead18fd201d7521e6cca879c6c9036a

    • SHA512

      77f79a0b2a7c182da74043901d34d59399c84828950ed4af66514b09c63962b6251e8eb8481db7508324306c218347852b1a88c63eb458bf65ac42973ae489f4

    • SSDEEP

      1536:gyUtfgVBlxbUZ6KHDxDA3HumRB/RuE2/znRQ4URSRBDNrR0RVe7R6R8RPD2zT:RUtfAOTJAXxRm5/7eNAnDlmbGcGFDeT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks