Overview

overview

10

Static

static

3

151e4effc2...4N.exe

windows7-x64

10

151e4effc2...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    151e4effc2665aa4ef503a9f7db26c191145240fb2c5382d0d568424a512b8c4N.exe

  • Size

    71KB

  • Sample

    241225-sq3kwawqgl

  • MD5

    f1a0f3ea432e99d4c8f6c79da3827e70

  • SHA1

    6a12e12392cfcf28fbaa7643211e72c567f7e052

  • SHA256

    151e4effc2665aa4ef503a9f7db26c191145240fb2c5382d0d568424a512b8c4

  • SHA512

    f2667a63adda57bc775eb9757a9219a4e0b2d7e50f79110f4b6d3bbb6c026a788a59fd49ce40ab8f777b0c96a774b8905dc06eba48006d2443f8af863d489d29

  • SSDEEP

    1536:Tx3Ifetl68s7AyDjKaImk+8tIPN4+BRQMDbEyRCRRRoR4Rk:aetk1AWISeqEy032ya

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      151e4effc2665aa4ef503a9f7db26c191145240fb2c5382d0d568424a512b8c4N.exe

    • Size

      71KB

    • MD5

      f1a0f3ea432e99d4c8f6c79da3827e70

    • SHA1

      6a12e12392cfcf28fbaa7643211e72c567f7e052

    • SHA256

      151e4effc2665aa4ef503a9f7db26c191145240fb2c5382d0d568424a512b8c4

    • SHA512

      f2667a63adda57bc775eb9757a9219a4e0b2d7e50f79110f4b6d3bbb6c026a788a59fd49ce40ab8f777b0c96a774b8905dc06eba48006d2443f8af863d489d29

    • SSDEEP

      1536:Tx3Ifetl68s7AyDjKaImk+8tIPN4+BRQMDbEyRCRRRoR4Rk:aetk1AWISeqEy032ya

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks