General

  • Target

    c5c405683c54e2fd4a456ee444021ef38fc4ab10d489bda9e3360bf2364bcad8

  • Size

    384KB

  • Sample

    241107-ernw8axpak

  • MD5

    9c84d8c9899ac78e7197e0764b3f2691

  • SHA1

    55461692252bb14945d263ac517a343930055f49

  • SHA256

    c5c405683c54e2fd4a456ee444021ef38fc4ab10d489bda9e3360bf2364bcad8

  • SHA512

    8bac3907ff3ae527bb2eb2258a132a5042fc2fef8cfbb670314d9ad3ed62d90560c87a2549340d998b0e639512df7c11ecf95101cf239d2e7d4c881906957c0b

  • SSDEEP

    6144:sf0oSPLuIR8SeNpgdyuH1lZfRo0V8JcgE+ezpg12:g0omSQ87g7/VycgE82

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c5c405683c54e2fd4a456ee444021ef38fc4ab10d489bda9e3360bf2364bcad8

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15