General

  • Target: a677f62fd651495e7df1a9daf58ba8520e8b3e797f3c503a93de22bebb33cd99N
  • Size: 137KB
  • Sample: 241107-h7aajs1jfn
  • MD5: d291cbbf37ed663678ce7c90df6294d0
  • SHA1: e7c92b4dfd148c09440d38d3c9133f56c65d3d09
  • SHA256: a677f62fd651495e7df1a9daf58ba8520e8b3e797f3c503a93de22bebb33cd99
  • SHA512: 0b32c849c42cb0b60039ae3dcdb03c74aacbb7b2a0bac935582c95fbd03862bf363c954a2af79c0735e67b06e08ec8cac592483114fef426cfcc5d767f6d0217
  • SSDEEP: 3072:n47BOnedUUTxMz+Jbke3UEdmjRrz3TIUV4BKx:Hnu/dkEdGTB

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks