Overview

overview

10

Static

static

3

410fcdd7e0...ab.exe

windows7-x64

10

410fcdd7e0...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    410fcdd7e09e5bab9fa821950a828ea02e659c7c18cf40330c672fb3c068c0ab

  • Size

    66KB

  • Sample

    250306-afwepstmt6

  • MD5

    a9d99084adbdb5ddb5a3c5ac0ab172a5

  • SHA1

    2e37e4cf6580deb1991aff157762dd5b846aabc2

  • SHA256

    410fcdd7e09e5bab9fa821950a828ea02e659c7c18cf40330c672fb3c068c0ab

  • SHA512

    f04a4746380cf437e286769bc5631e2ca06fed3c7b40d594255b2a06498d637f44ecd2839c624fd5a154b16bf35ac03f7e91795f2c0671264fe2c128e7fbb60c

  • SSDEEP

    1536:J4shvASm6FYdhfl0cfE6Qpb65sKBgTNrltHEnauWNRQQR:IfbdhfhE6IAoVRNeQ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      410fcdd7e09e5bab9fa821950a828ea02e659c7c18cf40330c672fb3c068c0ab

    • Size

      66KB

    • MD5

      a9d99084adbdb5ddb5a3c5ac0ab172a5

    • SHA1

      2e37e4cf6580deb1991aff157762dd5b846aabc2

    • SHA256

      410fcdd7e09e5bab9fa821950a828ea02e659c7c18cf40330c672fb3c068c0ab

    • SHA512

      f04a4746380cf437e286769bc5631e2ca06fed3c7b40d594255b2a06498d637f44ecd2839c624fd5a154b16bf35ac03f7e91795f2c0671264fe2c128e7fbb60c

    • SSDEEP

      1536:J4shvASm6FYdhfl0cfE6Qpb65sKBgTNrltHEnauWNRQQR:IfbdhfhE6IAoVRNeQ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks