Overview

overview

10

Static

static

3

87011174bb...40.exe

windows7-x64

10

87011174bb...40.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87011174bb8dfd9e2fafaba1e8b200b0344218c533aaa0c0e2c37ceef5c40f40.exe

  • Size

    71KB

  • Sample

    241225-vt57aazlgz

  • MD5

    6c5018ec3abee6977d89e379602c96fc

  • SHA1

    323f5e3686e186e976fda72a0665e208d6422dce

  • SHA256

    87011174bb8dfd9e2fafaba1e8b200b0344218c533aaa0c0e2c37ceef5c40f40

  • SHA512

    bb4fbfdca69ce4fe12ebdaa5ec5ae063d02029c0ac43036ce0d613bcf562d99fd1eaf755d307b514e5172323ce7672f07b2f9ef5ce256aaa3f10266b165b77a8

  • SSDEEP

    1536:JFqpoAQFS655nElim6YBdEso3rdvzEKbRQTDbEyRCRRRoR4RkC:JFqndy5ndvxeDEy032yaC

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      87011174bb8dfd9e2fafaba1e8b200b0344218c533aaa0c0e2c37ceef5c40f40.exe

    • Size

      71KB

    • MD5

      6c5018ec3abee6977d89e379602c96fc

    • SHA1

      323f5e3686e186e976fda72a0665e208d6422dce

    • SHA256

      87011174bb8dfd9e2fafaba1e8b200b0344218c533aaa0c0e2c37ceef5c40f40

    • SHA512

      bb4fbfdca69ce4fe12ebdaa5ec5ae063d02029c0ac43036ce0d613bcf562d99fd1eaf755d307b514e5172323ce7672f07b2f9ef5ce256aaa3f10266b165b77a8

    • SSDEEP

      1536:JFqpoAQFS655nElim6YBdEso3rdvzEKbRQTDbEyRCRRRoR4RkC:JFqndy5ndvxeDEy032yaC

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks