General

  • Target: a9158bc3be8cb2cc61cf10fa1f4a5dbb5b52456e2e5aa2f04cde89fccc8c401bN
  • Size: 104KB
  • Sample: 241107-fanessxrgm
  • MD5: b485a267716beb0b79680100b6dd39e0
  • SHA1: f3f9518c52cbe8d6117c1537b5fbdd38c27d5316
  • SHA256: a9158bc3be8cb2cc61cf10fa1f4a5dbb5b52456e2e5aa2f04cde89fccc8c401b
  • SHA512: d101647c65e8495d898d4a773c7073b12d7d422f744a58fe19cc137947f83cb7fbe2a8407bcf6bb439622cc4b37366593cfe2bf1231a0b75fefcc096a0af6f0b
  • SSDEEP: 3072:H6Sy8SC4Zq62dPemGum3j44e5Tx7cEGrhkngpDvchkqbAIQ:H6SPMIRdPeqm3j4z5Tx4brq2Ah

Malware Config

Extracted

Family: berbew

C2:
  http://viruslist.com/wcmd.txt
  http://viruslist.com/ppslog.php
  http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: a9158bc3be8cb2cc61cf10fa1f4a5dbb5b52456e2e5aa2f04cde89fccc8c401bN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15