General

  • Target

    2b4ef054eb95eabb9fef8483989a6d70bd3d5196ef3a0e75a9d69b9f426ca68cN

  • Size

    71KB

  • Sample

    241107-h3jcna1jan

  • MD5

    85e9cec117dde27f945395ebca93c040

  • SHA1

    2ba3db7d5b38cfb60a542450a4362469b14d7a41

  • SHA256

    2b4ef054eb95eabb9fef8483989a6d70bd3d5196ef3a0e75a9d69b9f426ca68c

  • SHA512

    e92896001cd85f954c31f9021218d1720961e64f15e9d5444a70d5a58988e5958543a2b09b74cf59e41ef516745f7754ad80a48804f0dcf16f69f1bc25f55383

  • SSDEEP

    1536:pNswOjubSS2E2nwPoclru2e5Xhep96RQj7K1P+ATT:wwOCB2E2wvlr7e5XI96eyP+A3

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      2b4ef054eb95eabb9fef8483989a6d70bd3d5196ef3a0e75a9d69b9f426ca68cN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks