Overview

overview

10

Static

static

3

ea510f5719...36.exe

windows7-x64

10

ea510f5719...36.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea510f571940fa36732e869003811af6395fd1d9875cc11fb496f8a8f6858d36

  • Size

    448KB

  • Sample

    241225-egt1gsxkds

  • MD5

    ac782dd5e6411a98b7963018537458a2

  • SHA1

    f61957b37d76767d3d5122bde983e6c6390e5aae

  • SHA256

    ea510f571940fa36732e869003811af6395fd1d9875cc11fb496f8a8f6858d36

  • SHA512

    6bf99fe13bc62cfbae61fa963251f1322923699686d968254f08f5daf4de937f5b1ecebd484850e59bb068ec76508f14108da16c187632d37eec4454a210d5a1

  • SSDEEP

    6144:XhORIm8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrlo9:6387g7/VycgE81lm

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ea510f571940fa36732e869003811af6395fd1d9875cc11fb496f8a8f6858d36

    • Size

      448KB

    • MD5

      ac782dd5e6411a98b7963018537458a2

    • SHA1

      f61957b37d76767d3d5122bde983e6c6390e5aae

    • SHA256

      ea510f571940fa36732e869003811af6395fd1d9875cc11fb496f8a8f6858d36

    • SHA512

      6bf99fe13bc62cfbae61fa963251f1322923699686d968254f08f5daf4de937f5b1ecebd484850e59bb068ec76508f14108da16c187632d37eec4454a210d5a1

    • SSDEEP

      6144:XhORIm8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrlo9:6387g7/VycgE81lm

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks