General

  • Target

    f86a805b48d1416a5f009397364eef991b9657a82c33d099478cebebfcb0f688

  • Size

    320KB

  • Sample

    241107-ha3ktsxdqd

  • MD5

    e2a42252050f2eedabde488b76a718f0

  • SHA1

    de1dea178eee777e045bfbadf6893f218a773058

  • SHA256

    f86a805b48d1416a5f009397364eef991b9657a82c33d099478cebebfcb0f688

  • SHA512

    a52023a6aa797bef26dd486658ac79c0e6cd69e0515d3dc2dd7c5645b3184c34f9debf53f5d446f4b97067e9fe66c810427b4490582c41f74e3747a0021e09e6

  • SSDEEP

    6144:U5Uwf0UQ0OdTLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N1O:nA0U0OYJ07kE0KoFtw2gu9RxrBIUbPLK

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks