Overview

overview

10

Static

static

3

de2f055466...8a.exe

windows7-x64

10

de2f055466...8a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de2f05546694cbf0621857f6caf43c1e2fb0a2d6f7bc57a0f5858b4506dadb8a

  • Size

    71KB

  • Sample

    250306-p7e95azkv8

  • MD5

    1e357aba2b80d8874f1650ecf30adfff

  • SHA1

    fa22b9a81cd8df8f50901338a0090abad997e618

  • SHA256

    de2f05546694cbf0621857f6caf43c1e2fb0a2d6f7bc57a0f5858b4506dadb8a

  • SHA512

    45337f3788f6566c769d1502bbec345db086718d8e48b4a7ee3aa90a985b052cde2da4dfd06d8e1467bba97eb75a50935edaeae31bfbd467b40851249915ecb1

  • SSDEEP

    1536:J/6yJ6omU1G1GJxgV5joK4VOcFj78Pk5bTg8RQU2DbEyRCRRRoR4RkW:J/f6ov1e/5jgFjoPWU8ehEy032yaW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      de2f05546694cbf0621857f6caf43c1e2fb0a2d6f7bc57a0f5858b4506dadb8a

    • Size

      71KB

    • MD5

      1e357aba2b80d8874f1650ecf30adfff

    • SHA1

      fa22b9a81cd8df8f50901338a0090abad997e618

    • SHA256

      de2f05546694cbf0621857f6caf43c1e2fb0a2d6f7bc57a0f5858b4506dadb8a

    • SHA512

      45337f3788f6566c769d1502bbec345db086718d8e48b4a7ee3aa90a985b052cde2da4dfd06d8e1467bba97eb75a50935edaeae31bfbd467b40851249915ecb1

    • SSDEEP

      1536:J/6yJ6omU1G1GJxgV5joK4VOcFj78Pk5bTg8RQU2DbEyRCRRRoR4RkW:J/f6ov1e/5jgFjoPWU8ehEy032yaW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks