Overview

overview

10

Static

static

10

4e790838e1...af.exe

windows7-x64

10

4e790838e1...af.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e790838e1f4690b8acb3b43ceb9979d9fb810a3b29e665faa969d49ab2fc4af.exe

  • Size

    464KB

  • Sample

    241225-xb6q7ssmdt

  • MD5

    3eafa465e0c0a37bac20596b7a9abc7a

  • SHA1

    9291d80908f18db3042ef3b96d05564df156248b

  • SHA256

    4e790838e1f4690b8acb3b43ceb9979d9fb810a3b29e665faa969d49ab2fc4af

  • SHA512

    2caf5b633476d8d2014e07e1093ea18f9817e40b184a99defe4e49ae6ad1fe8c5dca20ba4364a69b2ec9a3fd821f8b1e403534f8e4fdd3f31cfaeb005f4b86b1

  • SSDEEP

    6144:IdE3xOgpBpuXhEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPCV:IdexZpBpiEVI2C4EVu2JEVcBEVI2CV

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4e790838e1f4690b8acb3b43ceb9979d9fb810a3b29e665faa969d49ab2fc4af.exe

    • Size

      464KB

    • MD5

      3eafa465e0c0a37bac20596b7a9abc7a

    • SHA1

      9291d80908f18db3042ef3b96d05564df156248b

    • SHA256

      4e790838e1f4690b8acb3b43ceb9979d9fb810a3b29e665faa969d49ab2fc4af

    • SHA512

      2caf5b633476d8d2014e07e1093ea18f9817e40b184a99defe4e49ae6ad1fe8c5dca20ba4364a69b2ec9a3fd821f8b1e403534f8e4fdd3f31cfaeb005f4b86b1

    • SSDEEP

      6144:IdE3xOgpBpuXhEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPCV:IdexZpBpiEVI2C4EVu2JEVcBEVI2CV

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks