General

  • Target

    b2924b1095475f3929206896ae3aee181bd2f5da33929a58149eb158d255d702N

  • Size

    343KB

  • Sample

    241109-sh2cvazjhr

  • MD5

    f2e1714c0b3133be26786296634594b0

  • SHA1

    a49137896c9a0d377459697545f63606e56054de

  • SHA256

    b2924b1095475f3929206896ae3aee181bd2f5da33929a58149eb158d255d702

  • SHA512

    9362f3eed543d648cb15d3e34ad37cb6b56f22cdbb0a261c93b6136ee4159b1c8ac168b7446860b7bf1aeb182062328d4b8cdfb53908bd4f261323eef3e4966e

  • SSDEEP

    6144:JLetR5qO+uNk54t3haeTFLel6ZfoPPB2I5BjopZ7TngrVIeoKhyCjonootafOxbK:J9O+uNk54t3hJVKOfoHBfByZPgrVIwhz

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b2924b1095475f3929206896ae3aee181bd2f5da33929a58149eb158d255d702N

    • Size

      343KB

    • MD5

      f2e1714c0b3133be26786296634594b0

    • SHA1

      a49137896c9a0d377459697545f63606e56054de

    • SHA256

      b2924b1095475f3929206896ae3aee181bd2f5da33929a58149eb158d255d702

    • SHA512

      9362f3eed543d648cb15d3e34ad37cb6b56f22cdbb0a261c93b6136ee4159b1c8ac168b7446860b7bf1aeb182062328d4b8cdfb53908bd4f261323eef3e4966e

    • SSDEEP

      6144:JLetR5qO+uNk54t3haeTFLel6ZfoPPB2I5BjopZ7TngrVIeoKhyCjonootafOxbK:J9O+uNk54t3hJVKOfoHBfByZPgrVIwhz

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks