General

  • Target: 6039c763cac270362af984e825c32eef338ae2f0ab3b3aca10b23e839a16a47cN
  • Size: 71KB
  • Sample: 241109-sfp7ssxajm
  • MD5: d3d6041cf71a5875032f26489ac9ceb0
  • SHA1: c97d7b76dac3fbfdf79ed8dfa3af676e7c5fda09
  • SHA256: 6039c763cac270362af984e825c32eef338ae2f0ab3b3aca10b23e839a16a47c
  • SHA512: fe63d8c2914373abf46aae23f5e562780d784fafe49138133c9410cad160399fe4d78b6d726c4cbaa93a6a7d52813da9cafa280138a1c01591a4d1b6a820ab3c
  • SSDEEP: 1536:9AwmXRRTSHVekoV12E0MCTdCBcqSIipXtgZ+1EPRQVK1P+ATT:eHRRY341Jrm3npXtgZnPe8P+A3

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15