General

  • Target

    4fbcd7a076e974b2881cbd0daffefcfdae043dcdd349ed21796c0813f94a0a32N

  • Size

    95KB

  • Sample

    241109-f6wfaaxqez

  • MD5

    c5bd53bfe149e191a37c7ce3e3c87f30

  • SHA1

    db866c56b19655d776288af2d7ad7c28dc13ade3

  • SHA256

    4fbcd7a076e974b2881cbd0daffefcfdae043dcdd349ed21796c0813f94a0a32

  • SHA512

    628b24e9bd5026687f4da5cfc780cd476ecd908f5f8dae44407904eeb06cf42853cc568cabf7ac8ea54e251995db31fef25478ef15148262551e945782f38f07

  • SSDEEP

    1536:yeI7kJbLWxYgJoqterG9wbb0yxG7Ls1d2fnrRQrARVRoRch1dROrwpOudRirVtF/:yB7kJbLWxY2bQrYwbh2g6reUTWM1dQrr

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4fbcd7a076e974b2881cbd0daffefcfdae043dcdd349ed21796c0813f94a0a32N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
