General

  • Target

    59d0499bca2d31187a291ed9824b4fbeaf333b0bb7e71feacb5a69d411077860N

  • Size

    128KB

  • Sample

    241107-ff9j8ayjfq

  • MD5

    e7f6e2c321a2713710bad6a538b950f0

  • SHA1

    b33873191e7917760dc0eef9998b15c1c6a46f2e

  • SHA256

    59d0499bca2d31187a291ed9824b4fbeaf333b0bb7e71feacb5a69d411077860

  • SHA512

    755a1987d1f52fe243608957b38dedb3714642b08090d8725472b6f66e7db6d563f895a36523a2624eb9414dc1e6890f751f88952388df4965cc791a44b264b4

  • SSDEEP

    3072:bq2DCphEn7Vn5XogtE6oDreZlj9pui6yYPaI7DehizrVtN:P/n78nYJpui6yYPaIGc

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
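The third C2 string is not a literal URL: the `%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d` query is a printf-style template that the sample fills in at runtime, so a proxy or DNS log will never contain the string exactly as extracted. The added example below (mine, not part of the sandbox report or of the malware) turns each extracted template into an anchored regex and runs it over a few constructed proxy log lines. The log line layout, the client addresses and the beacon values are invented for the example; the endpoint labels are mine, and the meaning of the nine `piplog.php` fields is not stated on the page, so they are returned purely positionally.

```python
import re

# The three C2 strings from the extracted config above. The short labels
# are mine; the report does not say what each endpoint is used for.
BERBEW_C2 = {
    "http://viruslist.com/wcmd.txt": "wcmd",
    "http://viruslist.com/ppslog.php": "ppslog",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d": "piplog",
}

# printf conversions that occur in the template: optional zero flag, width, type.
_SPEC = re.compile(r"%(0?)(\d*)([sdiu])")


def format_to_regex(fmt: str) -> re.Pattern:
    """Compile a printf-style template into an anchored regex.

    Each conversion becomes a capturing group: %s matches a run of non-':'
    characters (':' is the field separator in the template, so a %s value is
    assumed not to contain one), %d/%i an optionally signed integer, %u an
    unsigned one. A zero-padded width such as %09u becomes a minimum digit
    count, so too-short values are rejected rather than silently accepted.
    """
    out = []
    pos = 0
    for m in _SPEC.finditer(fmt):
        out.append(re.escape(fmt[pos:m.start()]))
        _zero, width, conv = m.groups()
        if conv == "s":
            out.append(r"([^:]*)")
        else:
            sign = "" if conv == "u" else "-?"
            digits = r"\d{%s,}" % width if width else r"\d+"
            out.append("(%s%s)" % (sign, digits))
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(out) + "$")


C2_PATTERNS = [(format_to_regex(u), label) for u, label in BERBEW_C2.items()]


def classify_url(url: str):
    """Return (label, captured fields) if url matches an extracted C2 template,
    else None. The match is anchored, so other paths on the same host do not hit."""
    for pat, label in C2_PATTERNS:
        m = pat.match(url)
        if m:
            return label, m.groups()
    return None


# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2024-11-07T14:02:11Z 10.0.0.23 GET http://viruslist.com/wcmd.txt 200
2024-11-07T14:02:12Z 10.0.0.23 GET http://viruslist.com/piplog.php?WIN-7PC:1:0:abc:000004242:5:14:02:12 200
2024-11-07T14:02:30Z 10.0.0.44 GET http://www.viruslist.com/en/analysis 200
2024-11-07T14:03:01Z 10.0.0.23 POST http://viruslist.com/ppslog.php 200
2024-11-07T14:03:15Z 10.0.0.51 GET http://example.net/piplog.php?x:1:2:y:000000001:3:01:02:03 404
"""


def scan_proxy_log(text: str):
    """Return (timestamp, client, label, fields) for every line whose URL
    matches one of the C2 templates."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, client, _method, url, _status = parts[:5]
        res = classify_url(url)
        if res:
            hits.append((ts, client, res[0], res[1]))
    return hits


if __name__ == "__main__":
    for ts, client, label, fields in scan_proxy_log(SAMPLE_LOG):
        print(ts, client, label, fields)
```

Two of the five constructed lines are deliberately near misses: a different path on the same host, and the same `piplog.php` query shape on another host. Both are rejected because the regex is anchored on the full extracted URL, which keeps the rule tight enough to run over bulk proxy logs; if you want to hunt for the beacon shape regardless of host (for example after the C2 domain has been sinkholed or re-pointed), relax the host part of the template, not the field widths.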

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup (this sandbox signature fires on a new value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, a key whose CLSIDs Explorer loads as in-process COM objects at every logon; when triaging a host, resolve the new CLSID's InprocServer32 path and compare it with the DLL this sample drops in System32)

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
