General

  • Target

    217eb800e12c1054a6aa125caa58957a00fd75c8e52e65bb9aebaae1bd897dde

  • Size

    94KB

  • Sample

    241009-xydzpsweqc

  • MD5

    040a6cc6fa7d24870bf6c57264f50fbf

  • SHA1

    1f34882fb32230dfccf15021b9eed760fce74654

  • SHA256

    217eb800e12c1054a6aa125caa58957a00fd75c8e52e65bb9aebaae1bd897dde

  • SHA512

    71aae40a22e32da5ee803c0ada4b2698eb491d8c38efa3f539263284a8c8474172f11d9cdbef43e11300b3cbce24340ea6d08e9bc9cb2e5ea6bef312b451469f

  • SSDEEP

    1536:jax2bHWGxIiZB9MNFrSFJX04G/beEzqb0dERQDiRfRa9HprmRfRZ:e4K0IiPSNR6JEd/beEWb0qeDi5wkpv

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
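The third C2 entry is a printf-style template that the backdoor fills in at run time, so a literal string match on the config value will never fire against proxy or DNS logs. The following added example (it is not part of this report or of the Triage platform) compiles each configured URL into an anchored regex, derived from the conversion specifiers, and runs it over a few constructed proxy-log lines. The log format and the beacon field values are assumptions; only the three URL templates come from the config above.

```python
import re
from typing import List, Optional, Tuple

# Beacon URLs from the extracted config above. The last one is a printf-style
# template; the backdoor substitutes host-specific values before sending it.
C2_TEMPLATES = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_CONV = re.compile(r"%(\d*)([sdiu])")   # printf conversions present in the template


def format_to_regex(template: str) -> "re.Pattern[str]":
    """Compile a printf-style URL template into an anchored regex.

    %s        -> run of characters that are not ':' or whitespace
                 (':' is the field separator in this template)
    %d / %i   -> optionally signed integer
    %u        -> unsigned integer
    width N   -> at least N digits (zero padding never shortens a field)
    """
    parts: List[str] = []
    pos = 0
    for m in _CONV.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        if conv == "s":
            parts.append(r"[^:\s]+")
        else:
            n = int(width) if width else 1
            sign = "" if conv == "u" else "-?"
            parts.append(rf"{sign}\d{{{n},}}")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


C2_PATTERNS = [(t, format_to_regex(t)) for t in C2_TEMPLATES]

_URL_RE = re.compile(r"https?://\S+")


def match_c2(url: str) -> Optional[str]:
    """Return the config template a URL was generated from, or None."""
    for template, pattern in C2_PATTERNS:
        if pattern.match(url):
            return template
    return None


def scan_proxy_log(lines) -> List[Tuple[str, str]]:
    """Return (log line, matching template) for every beacon in the log."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        m = _URL_RE.search(line)
        if m is None:
            continue
        template = match_c2(m.group(0))
        if template is not None:
            hits.append((line, template))
    return hits


# Constructed proxy-log lines (not real traffic). The piplog field values are
# made up to satisfy the template's conversions, not values the sample sends.
PROXY_LOG = """\
2024-10-09T10:01:02Z 10.0.0.5 GET http://viruslist.com/wcmd.txt 200
2024-10-09T10:01:05Z 10.0.0.5 GET http://viruslist.com/piplog.php?WORKSTATION-7:1:0:1.2.3.4:000123456:5:10:01:05 200
2024-10-09T10:02:00Z 10.0.0.9 GET http://example.com/index.html 200
2024-10-09T10:02:30Z 10.0.0.5 POST http://viruslist.com/ppslog.php 200
""".splitlines()

if __name__ == "__main__":
    for line, template in scan_proxy_log(PROXY_LOG):
        print(f"BERBEW C2 ({template}): {line}")
```

The width of a `%09u` or `%02d` field is a floor, not an exact length, because printf pads but never truncates; the regex therefore uses `{N,}`. If a `%s` value can itself contain `:` (a hostname will not, but a free-form string might), the field split becomes ambiguous and the `[^:\s]+` class must be widened for that position.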

Targets

    • Target

      217eb800e12c1054a6aa125caa58957a00fd75c8e52e65bb9aebaae1bd897dde

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
