Overview

overview

10

Static

static

10

581be70e45...50.exe

windows7-x64

10

581be70e45...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50

  • Size

    320KB

  • Sample

    241224-2bxkraypgs

  • MD5

    fe15935ca93791249cd1644e61791b1b

  • SHA1

    77df88854dc5dff98dc6f4b5d76dbc065d049211

  • SHA256

    581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50

  • SHA512

    fad19898c26f997119220305d0d6766730f016f0b61b61d0217f85ce396e0106265e7d496310027706411e47e15d20ba710a067cd9486aa20c1d2a8cf8237578

  • SSDEEP

    6144:+PG6kqGPJu6cZLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N4:+NkfJPXYJ07kE0KoFtw2gu9RxrBIUbP+

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50

    • Size

      320KB

    • MD5

      fe15935ca93791249cd1644e61791b1b

    • SHA1

      77df88854dc5dff98dc6f4b5d76dbc065d049211

    • SHA256

      581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50

    • SHA512

      fad19898c26f997119220305d0d6766730f016f0b61b61d0217f85ce396e0106265e7d496310027706411e47e15d20ba710a067cd9486aa20c1d2a8cf8237578

    • SSDEEP

      6144:+PG6kqGPJu6cZLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N4:+NkfJPXYJ07kE0KoFtw2gu9RxrBIUbP+

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks