General

  • Target

    b6a9af7eb9a404d0a23741a6995f5582f00e7ac893ef879b996a864ceba3fcc5

  • Size

    104KB

  • Sample

    241107-d32f1svcjb

  • MD5

    d58ca95d6b89b4cc3464fc18c3c83312

  • SHA1

    5fd5e595df4fe99a9073efd5f5c497dfef6d2328

  • SHA256

    b6a9af7eb9a404d0a23741a6995f5582f00e7ac893ef879b996a864ceba3fcc5

  • SHA512

    464ed9626e71060d58cd6d7c9699aaa782ae87041ada5d2721d0b1fd79a7dddc03ff280bdf921bb7eaeb883ca7903db81f89140187dd4a5b6cff80ecb47e5c9b

  • SSDEEP

    3072:I5JHBiO/CDopujyTGe5ax7cEGrhkngpDvchkqbAIQS:mQ62jK5ax4brq2Ahn

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b6a9af7eb9a404d0a23741a6995f5582f00e7ac893ef879b996a864ceba3fcc5

    • Size

      104KB

    • MD5

      d58ca95d6b89b4cc3464fc18c3c83312

    • SHA1

      5fd5e595df4fe99a9073efd5f5c497dfef6d2328

    • SHA256

      b6a9af7eb9a404d0a23741a6995f5582f00e7ac893ef879b996a864ceba3fcc5

    • SHA512

      464ed9626e71060d58cd6d7c9699aaa782ae87041ada5d2721d0b1fd79a7dddc03ff280bdf921bb7eaeb883ca7903db81f89140187dd4a5b6cff80ecb47e5c9b

    • SSDEEP

      3072:I5JHBiO/CDopujyTGe5ax7cEGrhkngpDvchkqbAIQS:mQ62jK5ax4brq2Ahn

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks