General

  • Target

    d7a6ab48a67f9982888a64e7543cced0aefcbdc05b46bad12911a4266473bc4eN

  • Size

    362KB

  • Sample

    241109-fzbgjaycnd

  • MD5

    c4cc8bb9cdef950d4366e024fe5f5da0

  • SHA1

    6ee32c1cc518c10744a92f5f5e18b10197ab3d27

  • SHA256

    d7a6ab48a67f9982888a64e7543cced0aefcbdc05b46bad12911a4266473bc4e

  • SHA512

    f61771e318650f83785536573e943f5db25c66c20bbc815dadad93cffd68194a73c4a4d149eb009d65a99113ed9f9a8eefd6fc75506ba2c4bf10d5044e763456

  • SSDEEP

    6144:Ifa0JNQzK0p/Kpr8H6Si1VtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1f:IfaQNQzKo/KprS6DtmuMtrQ07nGWxWSQ

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks