General

  • Target

    ec0943b1b58ece604cd38c8c3a1468f90bab14def5a7355be0e459797091f8deN

  • Size

    176KB

  • Sample

    241109-kbzaxa1elh

  • MD5

    c036d8e5ae4774b6aa8e6eb96aeef1c0

  • SHA1

    ffca538f9889e4b40ffebf53edb5ca3aa622acd2

  • SHA256

    ec0943b1b58ece604cd38c8c3a1468f90bab14def5a7355be0e459797091f8de

  • SHA512

    fcd68c84db5f9e27f7ec801c2edab6e0add93681438766f70c894e4891859e98db8013e79c8bfa42c9a37bd43fd22546a146194fdab29586ee70260048cf707c

  • SSDEEP

    3072:SnUxEmOtkRv1vvhhhYNhqe3Ey032yaCMMq9FIUPv9XOVw1FaX6lwzmOJfYerMMqG:PxQtrj3E4f9FIUpOVw86CmOJfTo9FIUa

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ec0943b1b58ece604cd38c8c3a1468f90bab14def5a7355be0e459797091f8deN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15