Overview

overview

10

Static

static

10

2025-04-10...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-10_f88a0f1fcaa11740be5a63ba096132fe_amadey_elex_rhadamanthys_smoke-loader

  • Size

    400KB

  • Sample

    250410-ke9aaawpv5

  • MD5

    f88a0f1fcaa11740be5a63ba096132fe

  • SHA1

    a794537afb7fc567c8f3efc73232270877a830b9

  • SHA256

    3a7767931a10e5796e6fa9daa33da585a874755a1c7bed0d06e68dd627306b03

  • SHA512

    b0f14e8a420d0cce99cee56fd6d0c33d750a028ab7886f0dd554e9acd5dbc1c8844b4ef5b78f36ca9b2bc9118827d3d8c55eae17139db55f91b3ab5886be3bf0

  • SSDEEP

    12288:Nb5Ccsx2o8wE39uW8wESByvNv54B9f01Zm:B5CHx2o8wDW8wQvr4B9f01Zm

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      2025-04-10_f88a0f1fcaa11740be5a63ba096132fe_amadey_elex_rhadamanthys_smoke-loader

    • Size

      400KB

    • MD5

      f88a0f1fcaa11740be5a63ba096132fe

    • SHA1

      a794537afb7fc567c8f3efc73232270877a830b9

    • SHA256

      3a7767931a10e5796e6fa9daa33da585a874755a1c7bed0d06e68dd627306b03

    • SHA512

      b0f14e8a420d0cce99cee56fd6d0c33d750a028ab7886f0dd554e9acd5dbc1c8844b4ef5b78f36ca9b2bc9118827d3d8c55eae17139db55f91b3ab5886be3bf0

    • SSDEEP

      12288:Nb5Ccsx2o8wE39uW8wESByvNv54B9f01Zm:B5CHx2o8wDW8wQvr4B9f01Zm

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v16

Tasks