berbew | 61df4e3f7325cf38c12871cdc5ecaa36efcf3415296de10ca214c2aa7b6bce7c | Triage

Sharing

General

Target

61df4e3f7325cf38c12871cdc5ecaa36efcf3415296de10ca214c2aa7b6bce7c
Size

1.2MB
Sample

250412-3ydxlatpt2
MD5

fee0fc8c5e6d2fab9f330f02356f0d51
SHA1

471d5d18150afc6e3e5d34c6ab06bcc908d93ad8
SHA256

61df4e3f7325cf38c12871cdc5ecaa36efcf3415296de10ca214c2aa7b6bce7c
SHA512

4f576b92ecc8c431e94d5623844cccfeaf446cce1829146c8a5a9c0776a68ce60298582ee41c696f0f29bf44dd91cca6d764ca5044154042187c792f07952c53
SSDEEP

6144:WhRs/27rCAU9CXdPipmMH/gysNkvC8vA+XTv7FYUwMOFusQ+kJ3StWbHPdBnec:W0eaCXwpnsKvNA+XTvZHWuEo3oWbvrec

Score

10^/10

berbew backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

- Target
  
  61df4e3f7325cf38c12871cdc5ecaa36efcf3415296de10ca214c2aa7b6bce7c
- Size
  
  1.2MB
- MD5
  
  fee0fc8c5e6d2fab9f330f02356f0d51
- SHA1
  
  471d5d18150afc6e3e5d34c6ab06bcc908d93ad8
- SHA256
  
  61df4e3f7325cf38c12871cdc5ecaa36efcf3415296de10ca214c2aa7b6bce7c
- SHA512
  
  4f576b92ecc8c431e94d5623844cccfeaf446cce1829146c8a5a9c0776a68ce60298582ee41c696f0f29bf44dd91cca6d764ca5044154042187c792f07952c53
- SSDEEP
  
  6144:WhRs/27rCAU9CXdPipmMH/gysNkvC8vA+XTv7FYUwMOFusQ+kJ3StWbHPdBnec:W0eaCXwpnsKvNA+XTvZHWuEo3oWbvrec
Score

10^/10

berbew backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence