Overview

overview

10

Static

static

10

87cd6b4ae9...10.exe

windows7-x64

10

87cd6b4ae9...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87cd6b4ae9c04aa4cf8c9dc2e25c19356f847aa1cb587c0fc66ca26669c39310

  • Size

    464KB

  • Sample

    250306-g5ea2s1rs4

  • MD5

    aad29b4ecb385ecee3e719796ba8fa35

  • SHA1

    1c77884fa52f4b0fd4eb2ec0bf7726b19674179b

  • SHA256

    87cd6b4ae9c04aa4cf8c9dc2e25c19356f847aa1cb587c0fc66ca26669c39310

  • SHA512

    883a6391311eeb92c29a43d3f58d12134017ef2c8e72f8e91c6b84c6cd8189abf867e41d69a33837b475aef808b3071542a2ec3299c7c968474086a813fa6d70

  • SSDEEP

    6144:eO2j1zIwnlZC6GEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPCv:611LmEVI2C4EVu2JEVcBEVI2Cv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      87cd6b4ae9c04aa4cf8c9dc2e25c19356f847aa1cb587c0fc66ca26669c39310

    • Size

      464KB

    • MD5

      aad29b4ecb385ecee3e719796ba8fa35

    • SHA1

      1c77884fa52f4b0fd4eb2ec0bf7726b19674179b

    • SHA256

      87cd6b4ae9c04aa4cf8c9dc2e25c19356f847aa1cb587c0fc66ca26669c39310

    • SHA512

      883a6391311eeb92c29a43d3f58d12134017ef2c8e72f8e91c6b84c6cd8189abf867e41d69a33837b475aef808b3071542a2ec3299c7c968474086a813fa6d70

    • SSDEEP

      6144:eO2j1zIwnlZC6GEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPCv:611LmEVI2C4EVu2JEVcBEVI2Cv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks