Overview

overview

10

Static

static

3

cf116bfd33...7N.exe

windows7-x64

10

cf116bfd33...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf116bfd33942671a9c0f5c7743fb346213acb6f871f0e5fdb16b5e640d9ef47N.exe

  • Size

    322KB

  • Sample

    241225-vmvrzazmgm

  • MD5

    aeade681d6bfb316576b2656411c59f0

  • SHA1

    edf8249104682cfba7fdfc388d9e932533e0b99e

  • SHA256

    cf116bfd33942671a9c0f5c7743fb346213acb6f871f0e5fdb16b5e640d9ef47

  • SHA512

    43fc9f2c6125af7dbad47210420c73fd029f4e02735be63e4852d30f1f19cbb785e9d9169c75b11b4968e6503139bf4ca0914112e4a0f67a075a30ac24246d39

  • SSDEEP

    1536:+cUaRjPpiVp4TKeh2pqyx/8KEWPB2j8tQvLiSmvjRQD1TmDhdF+PhJFTq1dlCsTg:+axPx+dbEW8It/ehSVGZ3Odl2

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      cf116bfd33942671a9c0f5c7743fb346213acb6f871f0e5fdb16b5e640d9ef47N.exe

    • Size

      322KB

    • MD5

      aeade681d6bfb316576b2656411c59f0

    • SHA1

      edf8249104682cfba7fdfc388d9e932533e0b99e

    • SHA256

      cf116bfd33942671a9c0f5c7743fb346213acb6f871f0e5fdb16b5e640d9ef47

    • SHA512

      43fc9f2c6125af7dbad47210420c73fd029f4e02735be63e4852d30f1f19cbb785e9d9169c75b11b4968e6503139bf4ca0914112e4a0f67a075a30ac24246d39

    • SSDEEP

      1536:+cUaRjPpiVp4TKeh2pqyx/8KEWPB2j8tQvLiSmvjRQD1TmDhdF+PhJFTq1dlCsTg:+axPx+dbEW8It/ehSVGZ3Odl2

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks