General

  • Target

    49e827499b642a4c0df8cfe0b7fe1a97bdef2846d8aeb185508a65077dc2e259N

  • Size

    320KB

  • Sample

    241107-h74jdsyalb

  • MD5

    7ccf7a236dc1facb1f93909af237b180

  • SHA1

    2036dc237e407d4b78fd7b1bc8e092fa4f961415

  • SHA256

    49e827499b642a4c0df8cfe0b7fe1a97bdef2846d8aeb185508a65077dc2e259

  • SHA512

    3bc54b2e87fa15235ba791bff2019be8672d5414efc13ce572c8b6aaeab285abb33bb804c9fb97ce0d8906b4a85dd794e8302f07ec01bef72a6411e15081bbbc

  • SSDEEP

    6144:pZdwiDzQhLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N1I0lS:pZV7YJ07kE0KoFtw2gu9RxrBIUbPLwHT

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
