General

  • Target

    80d7487d1209e7890c003cf269eca5536f011c42af0ac955af09c5acb5777446N

  • Size

    96KB

  • Sample

    241109-pn834avanr

  • MD5

    628886017310ad2b6c576ef516a0d930

  • SHA1

    019fa6458954a97067fbf4c4770d7b105c03c920

  • SHA256

    80d7487d1209e7890c003cf269eca5536f011c42af0ac955af09c5acb5777446

  • SHA512

    bcf0273b71a6aa8599349d71901c7102b013a907a269b4088e4e50152021006848194537a650e7370c2af893fb1a71eb6402c599990f5a654710f2631215c69e

  • SSDEEP

    1536:VOApSY1aGgbGnt6RXsL/0E/bMMMAEWBRQ+SR5R45WtqV9R2R462izMg3R7ih9:IApaGtPo/cBe+SHrtG9MW3+3l29

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The third entry is a printf-style format string exactly as it appears in the binary, not a literal URL: the %s, %i, %09u and %02d fields are filled in at runtime, so the query string actually seen on the wire varies per host and per beacon. Match on the host, path and field layout rather than on the string verbatim.
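The piplog.php indicator above is a format template, so a verbatim string match will never fire on real traffic. The following added example (written for this report, not code from the sandbox or from the Berbew sample) turns the extracted printf template into a regular expression and runs it, together with the two static URLs, over a few constructed proxy log lines. The log lines, timestamps and client IPs are made up for illustration; only the three indicators come from the config above.

```python
import re
from typing import Dict, List

# Indicators taken from the extracted Berbew config in this report.
C2_STATIC = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
]
C2_TEMPLATE = "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"

# printf conversion: optional '0' flag, optional width, one of s/d/i/u.
_SPEC = re.compile(r"%(0?)(\d*)([sdiu])")


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Translate a printf-style C2 template into a compiled regex.

    %s      -> anything except ':' or whitespace (':' is this template's separator)
    %09u    -> at least 9 digits (printf zero-pads, it never truncates)
    %i/%d   -> optionally signed digits, matched loosely because the sign
               counts against the pad width (printf("%02d", -5) == "-5")
    """
    parts: List[str] = []
    pos = 0
    for m in _SPEC.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        width, conv = m.group(2), m.group(3)
        if conv == "s":
            parts.append(r"[^:\s]*")
        elif conv == "u":
            parts.append(r"\d{%d,}" % (int(width) if width else 1))
        else:
            parts.append(r"-?\d+")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))


def build_patterns() -> List[tuple]:
    """Pair each indicator with the regex used to detect it in a log line."""
    pats = [(u, re.compile(re.escape(u))) for u in C2_STATIC]
    pats.append((C2_TEMPLATE, template_to_regex(C2_TEMPLATE)))
    return pats


def find_c2_hits(log_text: str) -> List[Dict[str, str]]:
    """Return one record per log line that matches any Berbew C2 indicator."""
    patterns = build_patterns()
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        for ioc, pat in patterns:
            if pat.search(line):
                hits.append({"line": line, "indicator": ioc})
                break
    return hits


# Constructed proxy log lines for illustration; not taken from the report.
SAMPLE_LOG = """\
2024-11-09T10:01:02Z 10.0.0.5 GET http://viruslist.com/wcmd.txt 200
2024-11-09T10:01:03Z 10.0.0.5 GET http://viruslist.com/piplog.php?WIN-7X1:2:6:JOHN:000123456:1:10:01:03 404
2024-11-09T10:01:04Z 10.0.0.6 GET http://example.com/index.html 200
2024-11-09T10:01:05Z 10.0.0.7 GET http://viruslist.com/piplog.php?not-a-beacon 404
"""

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit["indicator"], "<-", hit["line"])
```

The fourth sample line shares the host and path with the template but lacks the nine colon-separated fields, so it is reported as a near miss only if you also search for the bare path; the template regex alone does not flag it. In practice, run both the strict template regex and a looser host-plus-path match, and triage the looser hits by hand.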

Targets

    • Target

      80d7487d1209e7890c003cf269eca5536f011c42af0ac955af09c5acb5777446N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks