General

  • Target: b3b5f819775e32cb44774b23a79e4514ef43dbe65df4a8a3ffa3e7cf38e8626aN
  • Size: 89KB
  • Sample: 241107-h52xsaxldz
  • MD5: 45b3281cca450e215e11a02d8a736770
  • SHA1: 58903d4408a26a791a478509e5b9f4a099ab38df
  • SHA256: b3b5f819775e32cb44774b23a79e4514ef43dbe65df4a8a3ffa3e7cf38e8626a
  • SHA512: 56bd2f2858721902f481730a4f7c174266fc1f4867efbe6fae44441b49b1ebb0b09d44b6bf5f01a96c9c47d68796c34c2241bac37e955b70e6ab245c20cf4875
  • SSDEEP: 1536:zl00u3wFmt7GPLyyThoN6iODglx+Vlqktr8P3aQpnXfzxzKgFjKyBORQUmD68a+j:zl093wFU7yLyyTu6isglUvqkpia+Xp5p

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks