General

  • Target

    7e47087b9b1976595c283aed4f54f60e5907646977f7a30685c631508c40ef09N

  • Size

    128KB

  • Sample

    241109-tqz1eszrcq

  • MD5

    a7af513f5a7e45a653e1a1009348d610

  • SHA1

    14dbfae689aeb3472700272467681742ab2f5309

  • SHA256

    7e47087b9b1976595c283aed4f54f60e5907646977f7a30685c631508c40ef09

  • SHA512

    400e01b81120b42c8149d04c0b33b736e452163042b4688121c9c501ca35679fb5225cde920e46ffff00514baa7529d231e6527576b9baf49989dd77495b9d4f

  • SSDEEP

    3072:YNR/5iNCdXmHDWideBlj9pui6yYPaI7DehizrVtN:YDxwKhpui6yYPaIGc

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7e47087b9b1976595c283aed4f54f60e5907646977f7a30685c631508c40ef09N


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks