General

  • Target

    806d4390fb76d4045ad5ca913d394fa3f14c507c686dedf6042e28bb17ac062aN

  • Size

    203KB

  • Sample

    241109-meastssfpa

  • MD5

    e818e2ecf0e3e6f49356b379d1645090

  • SHA1

    5f1511f3d551b62d21cec091f79b0a14e4bd01c2

  • SHA256

    806d4390fb76d4045ad5ca913d394fa3f14c507c686dedf6042e28bb17ac062a

  • SHA512

    a3978e22b4d8062ef2fa2c34132f58468799350c833168586d40f1ddd299e582bc4bbe060bdc0a89d494ea8c405a83cf59ae6ed2626231e1f083954ab0d10ce6

  • SSDEEP

    6144:xHUyoi/Oz8ztnJfKXqPTX7D7FM6234lKm3mo8YG:vZUitJCXqP77D7FB24lwT

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The third entry is stored as a printf-style format string (%s, %i, %09u, %02d are conversion specifiers), so the query string seen on the wire will differ from the literal above; hunt on the host and the piplog.php path rather than on the exact string.
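The hashes in the General section and the C2 entries above can be turned into a repeatable check. The following script is an added example and is not part of the Triage report or the Berbew family itself: it compiles each C2 entry into a regex (treating %s/%i/%09u/%02d as printf conversions, so the piplog.php beacon matches whatever values the backdoor fills in), runs that over a constructed proxy log whose "client verb url status" layout is assumed for the demo, and compares a file's digests with the ones listed on the page.

```python
"""Hunt for the Berbew indicators listed on this report page.

Added example, not code from the report. Assumes the third C2 entry is a
printf-style template and that proxy log lines carry the full requested URL
as their third whitespace-separated field (constructed layout).
"""
import hashlib
import re

# Digests copied from the General section of the report.
IOC_HASHES = {
    "md5": "e818e2ecf0e3e6f49356b379d1645090",
    "sha1": "5f1511f3d551b62d21cec091f79b0a14e4bd01c2",
    "sha256": "806d4390fb76d4045ad5ca913d394fa3f14c507c686dedf6042e28bb17ac062a",
}

# C2 entries copied from the Malware Config section.
C2_TEMPLATES = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion: optional flags/width digits, then s, d, i or u.
_SPEC = re.compile(r"%(\d*)([sdiu])")


def template_to_regex(template: str) -> "re.Pattern":
    """Compile a printf-style C2 template into an anchored regex."""
    parts, pos = [], 0
    for m in _SPEC.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        if conv == "s":
            parts.append(r"[^\s:]+")          # ':' is the field separator
        elif width:
            parts.append(r"\d{%d}" % int(width))  # %09u -> exactly 9 digits
        else:
            parts.append(r"-?\d+" if conv in "di" else r"\d+")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


C2_PATTERNS = [template_to_regex(t) for t in C2_TEMPLATES]


def match_c2(url: str):
    """Return the C2 template a requested URL instantiates, or None."""
    for tmpl, pat in zip(C2_TEMPLATES, C2_PATTERNS):
        if pat.match(url):
            return tmpl
    return None


def hunt_proxy_log(lines):
    """Return (line_no, template) for each log line whose URL hits a C2 template."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue
        tmpl = match_c2(fields[2])
        if tmpl:
            hits.append((n, tmpl))
    return hits


def check_sample(data: bytes) -> dict:
    """True per algorithm when the file's digest equals the reported one."""
    return {alg: hashlib.new(alg, data).hexdigest() == expected
            for alg, expected in IOC_HASHES.items()}


# Constructed proxy log for the demo; none of this is real traffic.
SAMPLE_LOG = [
    "10.0.0.7 GET http://viruslist.com/wcmd.txt 200",
    "10.0.0.7 GET http://viruslist.com/piplog.php?HOST1:1:0:2600:000003344:7:09:12:05 200",
    "10.0.0.8 GET http://viruslist.com/ 200",
    "10.0.0.9 GET http://viruslist.com/piplog.php?x 404",
]

if __name__ == "__main__":
    for n, tmpl in hunt_proxy_log(SAMPLE_LOG):
        print(f"line {n}: matches C2 template {tmpl}")
    print(check_sample(b"placeholder bytes, not the real sample"))
```

Lines 1 and 2 of the constructed log are reported as hits (the second one only because the beacon fields satisfy the widths implied by %09u and %02d); the bare host and the truncated piplog.php request on lines 3 and 4 are not. check_sample reports False for every digest on the placeholder bytes, which is the expected result for anything other than the analyzed file.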

Targets

    • Target

      806d4390fb76d4045ad5ca913d394fa3f14c507c686dedf6042e28bb17ac062aN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks