Overview

overview

10

Static

static

3

f68fe25adf...0b.exe

windows7-x64

10

f68fe25adf...0b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f68fe25adf94511d97afa4c4591ba45c01d707f0ba2ced52fdb3bad218d5c70b.exe

  • Size

    790KB

  • Sample

    241225-vx1qzazqgj

  • MD5

    6a926382bbd589db38878208d2c0d66f

  • SHA1

    a0048cc006892a104946d0ae1ce66b598104afc8

  • SHA256

    f68fe25adf94511d97afa4c4591ba45c01d707f0ba2ced52fdb3bad218d5c70b

  • SHA512

    89a8f380a560a5977f43239daebaabf1453589a74929b5a927aaafbf9c8d20fb0c70573a096fd253e2bb92ff1e68b468348a6ff43e088f9cff69c131cf839400

  • SSDEEP

    12288:Cxbt8mFB24lA87g7/VycgE81lgxaa79yD:C58OPBoIlg17oD

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f68fe25adf94511d97afa4c4591ba45c01d707f0ba2ced52fdb3bad218d5c70b.exe

    • Size

      790KB

    • MD5

      6a926382bbd589db38878208d2c0d66f

    • SHA1

      a0048cc006892a104946d0ae1ce66b598104afc8

    • SHA256

      f68fe25adf94511d97afa4c4591ba45c01d707f0ba2ced52fdb3bad218d5c70b

    • SHA512

      89a8f380a560a5977f43239daebaabf1453589a74929b5a927aaafbf9c8d20fb0c70573a096fd253e2bb92ff1e68b468348a6ff43e088f9cff69c131cf839400

    • SSDEEP

      12288:Cxbt8mFB24lA87g7/VycgE81lgxaa79yD:C58OPBoIlg17oD

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks