Overview

overview

10

Static

static

3

3c48b9c17a...c6.exe

windows7-x64

10

3c48b9c17a...c6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c48b9c17af352863fa399c867f761063e5c87506424d73ccf26e846f68345c6

  • Size

    87KB

  • Sample

    241224-z85lhsxqhn

  • MD5

    f5a49610f8d29d0e57d900346f66776c

  • SHA1

    a64ce067c85f0594dee08a6e73f28c7c45006acf

  • SHA256

    3c48b9c17af352863fa399c867f761063e5c87506424d73ccf26e846f68345c6

  • SHA512

    6266d30c7f2aa2d565ffc13ae55d1745a3838587eb22e48f628d2a3188f80c75e64e677549bfb1698b1f6d0456d01d4c39837c8342165939efd327a4aec6378a

  • SSDEEP

    1536:/HlT0DBqocKg4shVjGvk2iqVHrIXqIvruQFm6qQ/zY4RQ4+RSRBDNrR0RVe7R6Rj:/hABxeZVjpIH2dFm6jefAnDlmbGcGFDA

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3c48b9c17af352863fa399c867f761063e5c87506424d73ccf26e846f68345c6

    • Size

      87KB

    • MD5

      f5a49610f8d29d0e57d900346f66776c

    • SHA1

      a64ce067c85f0594dee08a6e73f28c7c45006acf

    • SHA256

      3c48b9c17af352863fa399c867f761063e5c87506424d73ccf26e846f68345c6

    • SHA512

      6266d30c7f2aa2d565ffc13ae55d1745a3838587eb22e48f628d2a3188f80c75e64e677549bfb1698b1f6d0456d01d4c39837c8342165939efd327a4aec6378a

    • SSDEEP

      1536:/HlT0DBqocKg4shVjGvk2iqVHrIXqIvruQFm6qQ/zY4RQ4+RSRBDNrR0RVe7R6Rj:/hABxeZVjpIH2dFm6jefAnDlmbGcGFDA

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks