General

  • Target

    888ad54d19617149d6fd805ac72386b1f9e086be83f04575fbbdb3a71cc89623N

  • Size

    89KB

  • Sample

    241109-s8rlbsxemn

  • MD5

    78d5491cdb723c36885c7de3a5358a20

  • SHA1

    5d3513cd671adc06e9160016babc9b8d509baf52

  • SHA256

    888ad54d19617149d6fd805ac72386b1f9e086be83f04575fbbdb3a71cc89623

  • SHA512

    d4917b244dc56d9e3a7b88d030de63ddda060f71ccc888b0a186ab0538a477762be048817fc1456686edc8ca0356a9edb5f05991a5ed245a98cd3703a9a8859a

  • SSDEEP

    1536:bK3QZ8Sy8CblOykiuGRjQT9ZaPso5X1UMGlRQwD68a+VMKKTRVGFtUhQfR1WRaRR:bKoy8CdGGIa51UMGlepr4MKy3G7UEqMR

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15