Overview

overview

10

Static

static

3

102a4bf7e9...0c.exe

windows7-x64

10

102a4bf7e9...0c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    102a4bf7e98840ccfa4fee622f170fd8874bc829820c8400dc7e8d2c85c3d60c.exe

  • Size

    93KB

  • Sample

    241225-xxdybatpcp

  • MD5

    be7dbef89ae0ffce8c21ad9713322ccd

  • SHA1

    eddb49b7619653001a29296aac260b072f895a31

  • SHA256

    102a4bf7e98840ccfa4fee622f170fd8874bc829820c8400dc7e8d2c85c3d60c

  • SHA512

    73b81b17255a9ccb84aace9dd2b8b19ac12c3595d29266118a40709e92b047d4fe33d9ff510dc91df79ee82b828701c7fef092499f401512b44fcd5c092f640f

  • SSDEEP

    1536:NalD9SuNDG2BvanuA1IVESlkBVptV+JRQoRRs3cO57OWxXPu4n6yYPLBgI7Ck3:NaJIuNhLAuSFBVbgJeoE9pui6yYPaI7j

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      102a4bf7e98840ccfa4fee622f170fd8874bc829820c8400dc7e8d2c85c3d60c.exe

    • Size

      93KB

    • MD5

      be7dbef89ae0ffce8c21ad9713322ccd

    • SHA1

      eddb49b7619653001a29296aac260b072f895a31

    • SHA256

      102a4bf7e98840ccfa4fee622f170fd8874bc829820c8400dc7e8d2c85c3d60c

    • SHA512

      73b81b17255a9ccb84aace9dd2b8b19ac12c3595d29266118a40709e92b047d4fe33d9ff510dc91df79ee82b828701c7fef092499f401512b44fcd5c092f640f

    • SSDEEP

      1536:NalD9SuNDG2BvanuA1IVESlkBVptV+JRQoRRs3cO57OWxXPu4n6yYPLBgI7Ck3:NaJIuNhLAuSFBVbgJeoE9pui6yYPaI7j

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks