Overview

overview

10

Static

static

3

db74758bb9...2b.exe

windows7-x64

10

db74758bb9...2b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db74758bb9e2af26338266f664eb9190adb16c364fbd18378ac8d4eca98f912b.exe

  • Size

    74KB

  • Sample

    241225-yjtmaavmbt

  • MD5

    a646e2f25abcc130fd4b8515d34e0736

  • SHA1

    b6b16be660a2005dbdb34e5af543e6ada4b70b99

  • SHA256

    db74758bb9e2af26338266f664eb9190adb16c364fbd18378ac8d4eca98f912b

  • SHA512

    b1b6bbebc10daca09911af0e9cf41e27a2a317160ae23abe1505d0329397d35d759d275ed91a584061fc2963a6f6d60def36f26c077e113437ed9762045d1fbf

  • SSDEEP

    1536:jKphdm+1Ap8y1hJspS2DXI/mjpUX53U5ZmSnmtgVM/2RQkZRcRes3cO57OW/:K++GpV6z453qZ+2zekZW19/

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      db74758bb9e2af26338266f664eb9190adb16c364fbd18378ac8d4eca98f912b.exe

    • Size

      74KB

    • MD5

      a646e2f25abcc130fd4b8515d34e0736

    • SHA1

      b6b16be660a2005dbdb34e5af543e6ada4b70b99

    • SHA256

      db74758bb9e2af26338266f664eb9190adb16c364fbd18378ac8d4eca98f912b

    • SHA512

      b1b6bbebc10daca09911af0e9cf41e27a2a317160ae23abe1505d0329397d35d759d275ed91a584061fc2963a6f6d60def36f26c077e113437ed9762045d1fbf

    • SSDEEP

      1536:jKphdm+1Ap8y1hJspS2DXI/mjpUX53U5ZmSnmtgVM/2RQkZRcRes3cO57OW/:K++GpV6z453qZ+2zekZW19/

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks