General

  • Target

    25b60bf5f340e1ae070605c679f84297417dabd98d5fbde4255120ac1e19e957N

  • Size

    264KB

  • Sample

    241109-nd9q7stckl

  • MD5

    e0ac03d90963452576bac229b77d1480

  • SHA1

    8055ecc910a89b0984d673d6c5f5695b6cccd43f

  • SHA256

    25b60bf5f340e1ae070605c679f84297417dabd98d5fbde4255120ac1e19e957

  • SHA512

    fe199d69663ecb4040ec8f79d38deea1339aac85668833a624fafd6ee98aada2c69f74a11881c364f6302abe4cfe5860cad61793155ab95ce50e69d098109365

  • SSDEEP

    6144:VwtLJVQ7YT0+JWZpui6yYPaIGck72siBTQtpui6yYPaIGckv:ett+YTLJypV6yYPc2siBTspV6yYPo

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      25b60bf5f340e1ae070605c679f84297417dabd98d5fbde4255120ac1e19e957N


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
