General

  • Target

    29c87c877bc1ce3050fb6759e7e8391822fc42db9808b06292711afb6794f510N

  • Size

    664KB

  • Sample

    241009-mjgryazdjp

  • MD5

    c8cb6c3c39d20830bf770ac13043c130

  • SHA1

    ed902fb76c16b12670fa619e87c1863ad5142cef

  • SHA256

    29c87c877bc1ce3050fb6759e7e8391822fc42db9808b06292711afb6794f510

  • SHA512

    39b391e7e0faf9ff418f3b5a0dd49c54c03f635eba65d9c345ac0f142f67b3e07ed057595fc92f29cbdad40a3763b4b324e82dfb898553bfd1e298d34ae05bc2

  • SSDEEP

    12288:Hd5fM3zpV6yYPVpV6yYPg058KpV6yYPNUir2MhNl6zX3w9As/xO23WM6tJmDYjm:95fMDWVWleKWNUir2MhNl6zX3w9As/xi

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks