General

  • Target

    d47a82a618d3c848029d9e993418220f1c8f0540d35fc1219c2af0f7cdee8f50N

  • Size

    104KB

  • Sample

    241109-hfbdjazdjm

  • MD5

    cab3ad886c398ded161a04358bfa5bb0

  • SHA1

    7ce7f617e446332ade3e05e9fa56c6047e20fb1f

  • SHA256

    d47a82a618d3c848029d9e993418220f1c8f0540d35fc1219c2af0f7cdee8f50

  • SHA512

    1faba3d07b81af8ba31f67b73934fb3cfc145ad1747d5899da0a475e6a65167d3f651cbffcb3acced4b17a140cb4bc012ea565e3db281ffcf29427997e21b4f9

  • SSDEEP

    3072:/IIEchJsIwbM1YRz22sczLHNu53dGswXAu3gG/ue5ux7cEGrhkngpDvchkqbAIQS:/IaTsIwbM1v2sMgdGsPGd5ux4brq2Ahn

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The third entry is a printf-style template rather than a literal URL: the %s/%i/%u/%d fields are filled in by the sample at runtime, so only the host and the path before the '?' (/piplog.php) are usable as fixed indicators.

Targets

    • Target

      d47a82a618d3c848029d9e993418220f1c8f0540d35fc1219c2af0f7cdee8f50N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
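
The four behavioural signatures above and the extracted C2 URLs can be turned into detection logic. The following is an added example, not part of the sandbox report and not code from the Berbew sample: it runs a small matcher over constructed sandbox-style events (file writes, process starts, DLL loads, registry sets) and over constructed proxy log lines. The event schema, the log line format, and the mapping of "loaded by Explorer.exe on startup" to the ShellServiceObjectDelayLoad registry key are assumptions made for this example; the report itself does not name the key.

```python
"""Detection logic for the behaviours and C2 indicators listed in this report.

Added example. Event records, proxy log lines, file names and the event
schema are constructed for illustration and are not taken from the report.
"""
import re
from urllib.parse import urlsplit

# C2 URLs as extracted in the report. The third is a printf-style template,
# so only its host and path (before '?') are usable as literal indicators.
C2_URLS = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# Assumption for this example: the "loaded by Explorer.exe on startup"
# signature is mapped to ShellServiceObjectDelayLoad, whose entries
# explorer.exe instantiates at logon. The report does not name the key.
EXPLORER_AUTORUN_KEY = (
    "software\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload"
)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_DROP_SYSTEM32 = "Drops file in System32 directory"


def c2_indicators(urls):
    """Reduce each C2 URL to a (host, path) pair, discarding any query template."""
    out = set()
    for u in urls:
        parts = urlsplit(u)
        out.add(((parts.hostname or "").lower(), parts.path))
    return out


def _strip_hive(key):
    """Lower-case a registry path and drop the hive prefix (HKLM\\, HKCU\\ ...)."""
    key = key.lower()
    return key.split("\\", 1)[1] if "\\" in key else key


def match_signatures(events):
    """Return the set of report signatures triggered by a sequence of events.

    Events are dicts with a "type" of filewrite / proc / dllload / regset.
    Files written earlier in the trace count as "dropped" for later events.
    """
    dropped = set()
    hits = set()
    for ev in events:
        kind = ev["type"]
        if kind == "filewrite":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32_PREFIX):
                hits.add(SIG_DROP_SYSTEM32)
        elif kind == "proc" and ev["image"].lower() in dropped:
            hits.add(SIG_EXEC_DROPPED)
        elif kind == "dllload" and ev["path"].lower() in dropped:
            hits.add(SIG_LOAD_DROPPED)
        elif kind == "regset" and _strip_hive(ev["key"]).startswith(EXPLORER_AUTORUN_KEY):
            hits.add(SIG_AUTORUN)
    return hits


# Assumed proxy log format: "<timestamp> <client-ip> <method> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def match_c2(log_lines, indicators=None):
    """Return (client, url) pairs whose host+path match a C2 indicator.

    Matching on host and path, not host alone, keeps the rule from firing on
    unrelated traffic to the same domain.
    """
    indicators = indicators if indicators is not None else c2_indicators(C2_URLS)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        if ((parts.hostname or "").lower(), parts.path) in indicators:
            hits.append((m["src"], m["url"]))
    return hits


# Constructed sandbox-style trace (not from the report) exercising all four signatures.
SAMPLE_EVENTS = [
    {"type": "filewrite", "pid": 1234, "path": r"C:\Windows\System32\dropped_payload.exe"},
    {"type": "filewrite", "pid": 1234, "path": r"C:\Windows\System32\dropped_helper.dll"},
    {"type": "proc", "pid": 1235, "ppid": 1234, "image": r"C:\Windows\System32\dropped_payload.exe"},
    {"type": "dllload", "pid": 1235, "path": r"C:\Windows\System32\dropped_helper.dll"},
    {"type": "regset", "pid": 1235,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\example"},
]

# Constructed proxy log (not from the report); two lines should match.
SAMPLE_PROXY_LOG = [
    "2024-11-09T10:00:01Z 10.0.0.5 GET http://viruslist.com/wcmd.txt",
    "2024-11-09T10:00:02Z 10.0.0.5 GET http://www.example.com/index.html",
    "2024-11-09T10:00:03Z 10.0.0.5 GET http://viruslist.com/piplog.php?h:1:2:u:000000042:3:01:02:03",
    "2024-11-09T10:00:04Z 10.0.0.7 GET http://viruslist.com/",
]

if __name__ == "__main__":
    for sig in sorted(match_signatures(SAMPLE_EVENTS)):
        print("behaviour:", sig)
    for src, url in match_c2(SAMPLE_PROXY_LOG):
        print("c2 contact:", src, url)
```

Run as a script it prints the four signatures and the two matching proxy requests. Because the matcher keys on "files the sample wrote earlier in the trace", the same trace replayed with the process-start event before the file write would not trigger "Executes dropped EXE", which mirrors how sandbox signatures depend on event ordering.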

MITRE ATT&CK Enterprise v15

Tasks