General

  • Target

    b0ccc3ba0be07a5fb9929186fce7ed3d51354d9679b6bac94c064472d96c5967

  • Size

    520KB

  • Sample

    241107-dslb2swqep

  • MD5

    ab402ca0d1538fd690da9c36d0eb766e

  • SHA1

    2849ba71ded9bf97fa2cb660c3350f36ca5393f1

  • SHA256

    b0ccc3ba0be07a5fb9929186fce7ed3d51354d9679b6bac94c064472d96c5967

  • SHA512

    8a1d95955ffb1f8903598017eb4ee0cebc22d532640b483e18e0de8af9807a690b07db86ed8306de2366a922066573be2b72e00bbee7563d0ac5528ed26a83c7

  • SSDEEP

    6144:T7YnF7wBkFM6234lKm3mo8Yvi4KsLTFM6234lKm3r8SeNpgdyuH1lZfRo0V8Jcg6:oFFFB24lwR45FB24lJ87g7/VycgEH

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
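The third C2 entry is not a literal URL but a printf-style template: the backdoor fills in the `%s`, `%i`, `%09u` and `%02d` fields at runtime, so a proxy or DNS log will never contain that string verbatim. The following is an added example (not code from the report, the sandbox, or the malware) showing how to turn the extracted templates into anchored regular expressions and sweep constructed proxy log lines for beacons. The log line format and the regex chosen for each `%s` field are assumptions; the format string only fixes the field types and widths, not what the backdoor puts in them.

```python
import re

# C2 URL templates as extracted from the sample's configuration (taken from the report above).
BERBEW_C2_TEMPLATES = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversions that occur in the templates, mapped to regex fragments.
# Assumption: a %s field never contains whitespace or the ':' '/' '?' '&' separators.
_CONV = {
    "s": r"[^\s:/?&]+",
    "i": r"-?\d+",
    "d": r"-?\d+",
    "u": r"\d+",
}
_SPEC = re.compile(r"%(\d*)([sidu])")


def template_to_regex(template: str) -> re.Pattern:
    """Convert a C format-string URL template into a fully anchored regex."""
    out, pos = [], 0
    for m in _SPEC.finditer(template):
        out.append(re.escape(template[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        if width and conv in ("d", "i", "u"):
            # %09u / %02d: zero-padded to a *minimum* width, so larger values widen the field.
            out.append(r"\d{%d,}" % int(width))
        else:
            out.append(_CONV[conv])
        pos = m.end()
    out.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(out) + "$")


BERBEW_C2_PATTERNS = [template_to_regex(t) for t in BERBEW_C2_TEMPLATES]


def match_c2(url: str):
    """Return the template a URL matches, or None if it matches no C2 template."""
    for tmpl, pat in zip(BERBEW_C2_TEMPLATES, BERBEW_C2_PATTERNS):
        if pat.match(url):
            return tmpl
    return None


# Constructed proxy log lines for the example, not taken from the report:
# "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2024-11-07T10:02:11Z 10.0.0.17 GET http://viruslist.com/wcmd.txt 200
2024-11-07T10:02:12Z 10.0.0.17 GET http://viruslist.com/piplog.php?WIN-7F3K2:2:0:user:000012345:1:10:02:12 200
2024-11-07T10:03:40Z 10.0.0.22 GET http://viruslist.com/index.html 200
2024-11-07T10:04:01Z 10.0.0.17 POST http://viruslist.com/ppslog.php 200
2024-11-07T10:05:05Z 10.0.0.31 GET http://viruslist.com/piplog.php?not-a-beacon 404
"""


def scan_log(text: str):
    """Return (client_ip, url, matched_template) for every log line whose URL fits a C2 template."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        _ts, client, _method, url, _status = parts[:5]
        tmpl = match_c2(url)
        if tmpl:
            hits.append((client, url, tmpl))
    return hits


if __name__ == "__main__":
    for client, url, tmpl in scan_log(SAMPLE_LOG):
        print(f"{client}  {url}\n    matches template: {tmpl}")
```

Matching the whole template is deliberately stricter than alerting on the host alone: the last two sample lines show an unrelated request to the same host and a malformed query being ignored, while the hostname-plus-beacon-shape match on the `piplog.php` line is the one that actually ties traffic to this family's check-in format. If the hosting domain is sinkholed or shared, the template match is what keeps the detection from firing on every visitor.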

Targets

    • Target

      b0ccc3ba0be07a5fb9929186fce7ed3d51354d9679b6bac94c064472d96c5967

    • Size

      520KB

    • MD5

      ab402ca0d1538fd690da9c36d0eb766e

    • SHA1

      2849ba71ded9bf97fa2cb660c3350f36ca5393f1

    • SHA256

      b0ccc3ba0be07a5fb9929186fce7ed3d51354d9679b6bac94c064472d96c5967

    • SHA512

      8a1d95955ffb1f8903598017eb4ee0cebc22d532640b483e18e0de8af9807a690b07db86ed8306de2366a922066573be2b72e00bbee7563d0ac5528ed26a83c7

    • SSDEEP

      6144:T7YnF7wBkFM6234lKm3mo8Yvi4KsLTFM6234lKm3r8SeNpgdyuH1lZfRo0V8Jcg6:oFFFB24lwR45FB24lJ87g7/VycgEH

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks