General

  • Target

    ff08ce26a7af629637c090771cabeef7b783b72c621ebfbc635ca46a3ff69683

  • Size

    128KB

  • Sample

    241107-hmaqkszpgj

  • MD5

    e17768682b25819b13ff7060f880e25d

  • SHA1

    f183cf53b2500742d112537482068eafb9367593

  • SHA256

    ff08ce26a7af629637c090771cabeef7b783b72c621ebfbc635ca46a3ff69683

  • SHA512

    1c9006f3cefde7c4ca73f61a40ed9f14411c7fbfb5857295d746e07c69c0a0b44ead9da78ae6d0f7f21a52f04c83f7975d1966327ab68216c4e546612d177231

  • SSDEEP

    3072:OURzXEsiY0/4y+7zcHeXaKe5Mx7cEGrhkngpDvchkqbAIQxgFM9MD:bjEqw49cHDh5Mx4brq2Ah1FM6D

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
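The third C2 entry is a printf-style template rather than a fixed URL: the sample fills the `%s`/`%i`/`%09u`/`%02d` conversions in at run time, so a proxy-log search for the literal string will never hit. The following added example (written for this page, not code from the sandbox or from the malware) turns each template from the extracted config into a regular expression and runs it over a few constructed Squid-style access-log lines. Assumptions: the `%s` fields never contain a colon or whitespace, and the log uses Squid's native field order with the URL as the seventh field; both are marked in the code.

```python
import re

# C2 templates copied verbatim from the extracted Berbew config above.
BERBEW_C2 = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversions that appear in the config: optional zero flag, optional
# width, conversion character.  Other conversions are not needed here.
_TOKEN = re.compile(r"%(0?)(\d*)([sdiu])")


def format_to_regex(fmt: str) -> re.Pattern:
    """Compile a printf-style URL template into an anchored regex.

    Literal text is escaped; %s becomes a colon-free, whitespace-free run
    (ASSUMPTION: Berbew's string fields contain no ':'), %i/%d an optionally
    signed integer, %u an unsigned one, and a zero-padded width such as %09u
    becomes a minimum digit count.
    """
    parts, pos = [], 0
    for m in _TOKEN.finditer(fmt):
        parts.append(re.escape(fmt[pos:m.start()]))
        zero, width, conv = m.groups()
        if conv == "s":
            parts.append(r"[^:\s]*")
        else:
            sign = "" if conv == "u" else "-?"
            digits = r"\d{%d,}" % int(width) if (width and zero) else r"\d+"
            parts.append(sign + digits)
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(parts) + "$")


C2_REGEX = [(fmt, format_to_regex(fmt)) for fmt in BERBEW_C2]


def classify_url(url: str):
    """Return (template, exact) if url looks like a Berbew C2 request, else None.

    exact=True: the whole URL, query string included, fits the template.
    exact=False: only scheme+host+path match; the beacon fields did not, which
    is still worth an alert but is a weaker indicator.
    """
    for fmt, rx in C2_REGEX:
        if rx.match(url):
            return fmt, True
    path = url.split("?", 1)[0]
    for fmt, _ in C2_REGEX:
        if path == fmt.split("?", 1)[0]:
            return fmt, False
    return None


def scan_proxy_log(text: str):
    """Return [(line_no, url, template, exact)] for matching log lines.

    ASSUMPTION: Squid native format, i.e. the URL is the 7th whitespace-
    separated field (time elapsed client action/code bytes method URL ...).
    """
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 7:
            continue
        result = classify_url(fields[6])
        if result is not None:
            hits.append((n, fields[6], result[0], result[1]))
    return hits


# Constructed sample log lines (not captured traffic). Line 2 carries a
# beacon shaped like the piplog.php template; line 5 hits the path only.
PROXY_LOG = """\
1730970001.123 1 10.0.0.5 TCP_MISS/200 512 GET http://viruslist.com/wcmd.txt - HIER_DIRECT/203.0.113.9 text/plain
1730970002.456 1 10.0.0.5 TCP_MISS/200 128 GET http://viruslist.com/piplog.php?HOST1:1:5:user:000123456:7:11:07:12 - HIER_DIRECT/203.0.113.9 text/html
1730970003.789 1 10.0.0.6 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/198.51.100.2 text/html
1730970004.001 1 10.0.0.7 TCP_MISS/200 64 GET http://viruslist.com/ppslog.php - HIER_DIRECT/203.0.113.9 text/html
1730970005.222 1 10.0.0.8 TCP_MISS/200 64 GET http://viruslist.com/piplog.php?bogus - HIER_DIRECT/203.0.113.9 text/html
"""

if __name__ == "__main__":
    for line_no, url, template, exact in scan_proxy_log(PROXY_LOG):
        print(f"line {line_no}: {'exact' if exact else 'path-only'} match for {template}: {url}")
```

The path-only fallback matters in practice: a beacon whose fields do not fit the template (a different build, or a field that does contain a colon) should still surface, just with lower confidence. Because all three templates share one host, a plain hostname block or DNS sinkhole on viruslist.com is the coarser but simpler control.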

Targets

    • Target

      ff08ce26a7af629637c090771cabeef7b783b72c621ebfbc635ca46a3ff69683

    • Size

      128KB

    • MD5

      e17768682b25819b13ff7060f880e25d

    • SHA1

      f183cf53b2500742d112537482068eafb9367593

    • SHA256

      ff08ce26a7af629637c090771cabeef7b783b72c621ebfbc635ca46a3ff69683

    • SHA512

      1c9006f3cefde7c4ca73f61a40ed9f14411c7fbfb5857295d746e07c69c0a0b44ead9da78ae6d0f7f21a52f04c83f7975d1966327ab68216c4e546612d177231

    • SSDEEP

      3072:OURzXEsiY0/4y+7zcHeXaKe5Mx7cEGrhkngpDvchkqbAIQxgFM9MD:bjEqw49cHDh5Mx4brq2Ah1FM6D

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks