Overview

overview

10

Static

static

3

88b11ceeb5...dd.exe

windows7-x64

10

88b11ceeb5...dd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88b11ceeb5127f83229a625a1165d47764bc71c061dd2ca73880336401d1f8dd

  • Size

    66KB

  • Sample

    250307-2x4wysyry6

  • MD5

    b0153b0dd33e7b5ff985cfd33160125b

  • SHA1

    5e87601e96a9d9f8f9cec19876ed9ff3e02563c0

  • SHA256

    88b11ceeb5127f83229a625a1165d47764bc71c061dd2ca73880336401d1f8dd

  • SHA512

    57efbb7b80b488f5cfecc2f936e81092392e24b9db8cca87b4655e1bedd0b8d684be9ecc84d2c40da9331b5f0aa4d53846f716c96e78a6aa9df1cba44be7d5e1

  • SSDEEP

    1536:jk1rDN/Nw9tJnqDpumT2XlH9Xpu0VeRQZR:41XNFytJqw7V184eeZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      88b11ceeb5127f83229a625a1165d47764bc71c061dd2ca73880336401d1f8dd

    • Size

      66KB

    • MD5

      b0153b0dd33e7b5ff985cfd33160125b

    • SHA1

      5e87601e96a9d9f8f9cec19876ed9ff3e02563c0

    • SHA256

      88b11ceeb5127f83229a625a1165d47764bc71c061dd2ca73880336401d1f8dd

    • SHA512

      57efbb7b80b488f5cfecc2f936e81092392e24b9db8cca87b4655e1bedd0b8d684be9ecc84d2c40da9331b5f0aa4d53846f716c96e78a6aa9df1cba44be7d5e1

    • SSDEEP

      1536:jk1rDN/Nw9tJnqDpumT2XlH9Xpu0VeRQZR:41XNFytJqw7V184eeZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks