General

  • Target

    787d917ac7d60abbc8aab5c18be20e7f233484eb8789ea531bd13f351d69575dN

  • Size

    481KB

  • Sample

    241109-la65sssaqn

  • MD5

    aa2f78a2da5e6af95722ce938b7bfc10

  • SHA1

    800d13361e8dafe8ebcc0d127e6c5544efb10f2a

  • SHA256

    787d917ac7d60abbc8aab5c18be20e7f233484eb8789ea531bd13f351d69575d

  • SHA512

    d2b675ce60d4f8bd8e35d52738b7a9f27edd61b0fc95d6ead796c34aff76e7876fc3a66ce0dd6d83b386b0771f6bcbf0aaaa3be238f4ef350cd8f915f1e289e8

  • SSDEEP

    6144:qC7Wt8thQC/HJl8FM6234lKm3mo8Yvi4KsLTFM6234lKm3+ry+dBQ:qCnJfJyFB24lwR45FB24l4++dBQ

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      787d917ac7d60abbc8aab5c18be20e7f233484eb8789ea531bd13f351d69575dN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15