General

  • Target: c7a533923092130a616519c0de423f663e9acd0f15635d27a363b6d25766f859

  • Size: 94KB

  • Sample: 241107-evqj8avjex

  • MD5: 3131820b0e0092168ba00c4db8470c85

  • SHA1: 2ddb8f18c6230ef2da0a7397de35316023fe8937

  • SHA256: c7a533923092130a616519c0de423f663e9acd0f15635d27a363b6d25766f859

  • SHA512: 80736c8ae4bf9b22f8052f7b533395eb6bd81b9eeb494d703fbc84122270a369746608237deded0a4b9ec33ad9445bb139219b9ec94d754d8a0743cab0be3f77

  • SSDEEP: 1536:yVPfdqRKXznSwaq6H9bYncQVIRQDIRfRa9HprmRfRZ:wXdqKSxzQSeDI5wkpv

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15