General

  • Target: ca3eb0356f63eb2d703f331831c8e6b913b895cc73a222a24536bec7d658d44c
  • Size: 256KB
  • Sample: 241107-e1meravhrd
  • MD5: baf33c8840d22ba821a9a14c4c5d41c2
  • SHA1: 586bd9e8820d6d3d2603f3f435eadc0943ec04a9
  • SHA256: ca3eb0356f63eb2d703f331831c8e6b913b895cc73a222a24536bec7d658d44c
  • SHA512: 1882afa99ba2fd5cc9d70dba87a2aec171f4c4198e73257ed71bf0363f9420168e008ccf053b501507828f254e0d4a8321eb9564e9d86edf3d079c0985a29ac5
  • SSDEEP: 6144:uOW3PWh2WeC1Zbh9C81NByvZ6Mxv5Rar3O6B9fZSLhZmzbBy9:RW3PWT9C8HByvNv54B9f01ZmHBy9

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
