Overview

overview

10

Static

static

3

bb1f674753...80.exe

windows7-x64

10

bb1f674753...80.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb1f674753342512511393340d72e37d8208888030b689c02baef6c79dc01d80

  • Size

    640KB

  • Sample

    250306-l5fw4av1ax

  • MD5

    ad61891713b12dee7e715389ffb37102

  • SHA1

    bc53c637541ea3c3f29e4799593b73f6f54fa126

  • SHA256

    bb1f674753342512511393340d72e37d8208888030b689c02baef6c79dc01d80

  • SHA512

    4b9a44336c3f03d130b399c18710f6cf3576157f885069ddfd2c6e46ec39ad8bfeccbe0367ca3bd0d535de4f15b5f18b9ee455c149542019bd5e3e3f4deeeeca

  • SSDEEP

    6144:d+6jec9FM6234lKm3mo8Yvi4KsFr8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrlo:dTjXFB24lwR4P87g7/VycgE81l

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      bb1f674753342512511393340d72e37d8208888030b689c02baef6c79dc01d80

    • Size

      640KB

    • MD5

      ad61891713b12dee7e715389ffb37102

    • SHA1

      bc53c637541ea3c3f29e4799593b73f6f54fa126

    • SHA256

      bb1f674753342512511393340d72e37d8208888030b689c02baef6c79dc01d80

    • SHA512

      4b9a44336c3f03d130b399c18710f6cf3576157f885069ddfd2c6e46ec39ad8bfeccbe0367ca3bd0d535de4f15b5f18b9ee455c149542019bd5e3e3f4deeeeca

    • SSDEEP

      6144:d+6jec9FM6234lKm3mo8Yvi4KsFr8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrlo:dTjXFB24lwR4P87g7/VycgE81l

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks