General

  • Target: 6b10de523b6e168c3110d74159892c12f49d0ca34d7b6ca3784a21cdefe81c10N
  • Size: 320KB
  • Sample: 241109-trqs5swrbv
  • MD5: c9a69f513fe3be69e7fa49ddc021f8a0
  • SHA1: 1038e1ac23d39274d51d085a7b56a0c2c4a7a8d8
  • SHA256: 6b10de523b6e168c3110d74159892c12f49d0ca34d7b6ca3784a21cdefe81c10
  • SHA512: 87feaeae04e38633d453629497ca5f26c327987e6cb04dac6f35daf30e89c75c55f94d06cedc50b1a1365cd96b9bfb29c881c6d68edef5c6d08b3f114a15c557
  • SSDEEP: 6144:VEtw6h7PmMKwLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N1O:GmM0YJ07kE0KoFtw2gu9RxrBIUbPLwHT

Malware Config

Extracted

Family: berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks