General

  • Target

    cc7af0453260fa2438d215b59faaced436e8487b4e1e6d14deef3050aae45e7c

  • Size

    104KB

  • Sample

    241107-e6pgasxrbn

  • MD5

    efa3e6a2c06ed57e7ac2a6d112e6553d

  • SHA1

    e3f4a323157e15d23a408a99a0da10431be4eb40

  • SHA256

    cc7af0453260fa2438d215b59faaced436e8487b4e1e6d14deef3050aae45e7c

  • SHA512

    70857923bc89f09c6b2be2f5dd30c63c72298d383065bee57b3b4f5d17bedc416bde95535188ac346e730ae789211f1fb987c4a0e720e20d560bbb9436121081

  • SSDEEP

    3072:fOD27UgLZJ5iSyIs8ue5Ix7cEGrhkngpDvchkqbAIQS:fODmUgLtiSyIsA5Ix4brq2Ahn

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks