General

  • Target

    7a04477ba032002cc912b19972fe8b463550aeff0964a1c39234d4ec2d3066d5N

  • Size

    411KB

  • Sample

    241109-r7c6wawgmp

  • MD5

    dca5b412acad1e004d75f73fc7e3ac90

  • SHA1

    ffcfb49c3dc73bf3b04f76056e4c1b15d1e0b2eb

  • SHA256

    7a04477ba032002cc912b19972fe8b463550aeff0964a1c39234d4ec2d3066d5

  • SHA512

    fdd7e53758e89f624781007166e670bc50756125260be463a7a35c66b8bcdcf76621d88e614e6f3ecbc3395ff296b866477415580c8156907f19857c5222fed4

  • SSDEEP

    12288:WabqpV6yYPI3cpV6yYPZ0PVdvcY9+8hk5PDtJNBcL/D:LqWHWZ0PVdvcY9+8hk5DtJNBcL/D

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
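The third C2 entry is a printf-style template rather than a literal URL: the implant fills the `%s`/`%i`/`%09u`/`%02d` fields in at beacon time, so a plain string match on the extracted config would miss the real traffic. The following is an added example (not part of the report and not Berbew's own code) that turns that template into an anchored regular expression, honouring the minimum field widths, and runs it together with the two literal endpoints over a constructed proxy log. The log line layout (`timestamp client method URL status`), the field values in the sample beacon, and the assumption that a `%s` field never contains the `:` separator are all mine, not taken from the sample.

```python
import re
from urllib.parse import urlsplit

# C2 endpoints exactly as extracted in the report. The last one is a
# printf-style template that the implant formats before each beacon.
BERBEW_C2 = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion: optional zero flag, optional minimum width, conversion char.
_CONV = re.compile(r"%(?P<zero>0?)(?P<width>\d*)(?P<conv>[sdiux])")


def format_to_regex(template: str) -> "re.Pattern[str]":
    """Translate a printf-style C2 template into a compiled regex.

    Widths are treated as minimums (that is what printf does), so "%09u"
    requires at least nine digits and "%02d" at least two.
    Assumption: a "%s" field never contains the ':' delimiter the template uses.
    """
    parts, pos = [], 0
    for m in _CONV.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        width = int(m.group("width") or 0)
        conv = m.group("conv")
        if conv == "s":
            frag = r"[^\s:]*"
        elif conv in "di":
            frag = r"-?\d{%d,}" % width if width else r"-?\d+"
        elif conv == "u":
            frag = r"\d{%d,}" % width if width else r"\d+"
        else:  # 'x'
            frag = r"[0-9a-fA-F]{%d,}" % width if width else r"[0-9a-fA-F]+"
        parts.append(frag)
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))


_STATIC = {u for u in BERBEW_C2 if "%" not in u}
_TEMPLATES = [format_to_regex(u) for u in BERBEW_C2 if "%" in u]
_C2_HOSTS = {urlsplit(u).hostname for u in BERBEW_C2}


def classify_url(url: str):
    """Return 'c2-endpoint', 'beacon', 'c2-domain' or None for one URL."""
    if url in _STATIC:
        return "c2-endpoint"          # exact hit on wcmd.txt / ppslog.php
    if any(p.fullmatch(url) for p in _TEMPLATES):
        return "beacon"               # shape matches the piplog.php template
    if urlsplit(url).hostname in _C2_HOSTS:
        return "c2-domain"            # same host, unknown path: weaker indicator
    return None


def scan_proxy_log(lines):
    """Yield (line_no, verdict, url) for every URL token that hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in line.split():
            if tok.startswith(("http://", "https://")):
                verdict = classify_url(tok)
                if verdict:
                    hits.append((n, verdict, tok))
    return hits


# Constructed proxy log (not real traffic). Line 5 has a 3-digit counter
# where the template demands %09u, so it is a domain hit but not a beacon.
SAMPLE_PROXY_LOG = [
    "2024-11-09T10:15:22Z 10.0.0.12 GET http://viruslist.com/wcmd.txt 200",
    "2024-11-09T10:15:23Z 10.0.0.12 GET http://viruslist.com/piplog.php?WIN-7PC:0:1:user:000012345:5:14:02:07 200",
    "2024-11-09T10:16:01Z 10.0.0.31 GET http://example.com/index.html 200",
    "2024-11-09T10:16:40Z 10.0.0.12 GET http://viruslist.com/other.php?x=1 404",
    "2024-11-09T10:17:05Z 10.0.0.12 GET http://viruslist.com/piplog.php?WIN:1:2:u:123:4:05:06:07 200",
]

if __name__ == "__main__":
    for line_no, verdict, url in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: {verdict:12s} {url}")
```

The width enforcement is deliberate: a beacon that does not carry the nine-digit counter the template guarantees is more likely a scanner or a different tool than this sample, so it is reported at the weaker `c2-domain` tier rather than as `beacon`.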

Targets

    • Target

      7a04477ba032002cc912b19972fe8b463550aeff0964a1c39234d4ec2d3066d5N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks