General

  • Target

    bb715fbd6a39e621ef4e01e428dab88575115f32a1586c24b089024f1d854927

  • Size

    923KB

  • Sample

    241107-eaa9ssxkgq

  • MD5

    f69569aa15cbe79a646fdb4735a38a72

  • SHA1

    eb5cbeab699c248894833c9d7898ed1eb682f2d4

  • SHA256

    bb715fbd6a39e621ef4e01e428dab88575115f32a1586c24b089024f1d854927

  • SHA512

    b72230037e1b2017f54be5e28375455759ccc5a8caaa93ea6a8feb114d94137d57285546bee7d1693e020ced97b677f1057d85054f7673bdd1ce4f8eee08d857

  • SSDEEP

    12288:PI4nByvNv54B9f01ZmHByvNv5VwLonfBHLqF1Nw5ILonfByvNv5H8:Jwvr4B9f01ZmQvrUENOVvrc

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      bb715fbd6a39e621ef4e01e428dab88575115f32a1586c24b089024f1d854927

    • Size

      923KB

    • MD5

      f69569aa15cbe79a646fdb4735a38a72

    • SHA1

      eb5cbeab699c248894833c9d7898ed1eb682f2d4

    • SHA256

      bb715fbd6a39e621ef4e01e428dab88575115f32a1586c24b089024f1d854927

    • SHA512

      b72230037e1b2017f54be5e28375455759ccc5a8caaa93ea6a8feb114d94137d57285546bee7d1693e020ced97b677f1057d85054f7673bdd1ce4f8eee08d857

    • SSDEEP

      12288:PI4nByvNv54B9f01ZmHByvNv5VwLonfBHLqF1Nw5ILonfByvNv5H8:Jwvr4B9f01ZmQvrUENOVvrc

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks