General

  • Target

    e31c39c783e034d77a8a0f3f278c4109561cbe254f17b345910b04ee4c5140cdN

  • Size

    71KB

  • Sample

    241109-hfc75aypaz

  • MD5

    4a04eec264ea2c056fbbebc2faec6360

  • SHA1

    ce956312a8706d8933f8da3111a8cf63884fc237

  • SHA256

    e31c39c783e034d77a8a0f3f278c4109561cbe254f17b345910b04ee4c5140cd

  • SHA512

    d8360fbd2229fb36b1751a31470abe32483481a13a4fbbffe995c6aad5a969de01a1135a86496d852bf6a003088e34c4896acb193a65c4e2e3131b1c34fb2ab8

  • SSDEEP

    1536:VPoW7O+huAFFFfBKd9ox7T4q7E/Gv43eGfRQJDbEyRCRRRoR4Rk:VPoWvFJkduDw/g8eGfe1Ey032ya

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
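Note that the third C2 entry is not a literal URL but a printf-style template: the `%s`, `%i`, `%09u` and `%02d` conversions are filled in at runtime, so an exact-string match on the extracted value would never fire on real traffic. The following added example (written for this page, not code from the report or from the Berbew sample) turns each extracted URL into an anchored regex, with fixed-width conversions mapped to fixed-width digit runs, and runs the result over a few constructed proxy-log lines. The space-separated `<ts> <client> <method> <url> <status>` log layout and the sample lines are assumptions for illustration.

```python
import re

# Network IOCs exactly as extracted from the sample's configuration (see above).
C2_URLS = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversions we expect in a beacon template: %s, %i, %d, %u, optionally
# with a zero-pad flag and a field width (e.g. %09u, %02d).
_CONV = re.compile(r"%0?(\d*)([sdiu])")


def _conv_to_regex(match):
    """Map one printf conversion to a regex fragment.

    The template separates fields with ':', so %s must not swallow the
    separator; width-specified integers become exactly that many digits."""
    width, kind = match.groups()
    if kind == "s":
        return r"[^:&\s]*"
    if width:
        return r"\d{%s}" % width      # %09u -> \d{9}, %02d -> \d{2}
    return r"-?\d+"                   # bare %i / %d / %u


def template_to_regex(url_template):
    """Compile a printf-style C2 URL template into an anchored regex.

    Literal parts are escaped, so a template with no conversions simply
    becomes an exact-match pattern."""
    parts, pos = [], 0
    for m in _CONV.finditer(url_template):
        parts.append(re.escape(url_template[pos:m.start()]))
        parts.append(_conv_to_regex(m))
        pos = m.end()
    parts.append(re.escape(url_template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


C2_PATTERNS = [template_to_regex(u) for u in C2_URLS]


def match_c2(url):
    """Return the configured template that a requested URL matches, or None."""
    for template, pattern in zip(C2_URLS, C2_PATTERNS):
        if pattern.match(url):
            return template
    return None


def scan_proxy_log(lines):
    """Return (line_no, url, template) for each request to a configured C2 URL.

    Assumed log layout: '<ts> <client> <method> <url> <status>' (space-separated)."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        template = match_c2(fields[3])
        if template:
            hits.append((line_no, fields[3], template))
    return hits


# Constructed sample log lines (not from the report): a benign request, a fetch
# of wcmd.txt, a piplog.php beacon with every template field filled in, and a
# near-miss whose field count does not match the template.
SAMPLE_LOG = [
    "1731168001.123 10.0.0.7 GET http://example.com/index.html 200",
    "1731168002.456 10.0.0.7 GET http://viruslist.com/wcmd.txt 404",
    "1731168003.789 10.0.0.7 GET "
    "http://viruslist.com/piplog.php?WORKSTATION-7:1:0:Administrator:000123456:2:09:41:17 404",
    "1731168004.012 10.0.0.7 GET http://viruslist.com/piplog.php?WORKSTATION-7:1:0 404",
]

if __name__ == "__main__":
    for line_no, url, template in scan_proxy_log(SAMPLE_LOG):
        print(f"line {line_no}: {url}\n    matches template {template}")
```

The anchored pattern is deliberately strict: a request to `piplog.php` with the wrong number of `:`-separated fields is not reported, which keeps the check aligned with the extracted template rather than with any hit on the hostname. If you only want host-level alerting, match on the domain alone and accept the noise.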

Targets

    • Target

      e31c39c783e034d77a8a0f3f278c4109561cbe254f17b345910b04ee4c5140cdN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks