General

  • Target

    d9952acf81c2e9129d4087b80c8c05bae8742b48fd667edd62bd38770258888fN

  • Size

    71KB

  • Sample

    241109-tt369axgkh

  • MD5

    853fa87bf786e3976a5b43d3c1d038e0

  • SHA1

    461625ad6177e0fa7a78674a8dd847a7f0d80514

  • SHA256

    d9952acf81c2e9129d4087b80c8c05bae8742b48fd667edd62bd38770258888f

  • SHA512

    e660ed2b751e68e7936647bd479fd3360c1988fe603deeb96222011a97982a63dc423aa818aa2f60e2815a715242a5adc3c40de714fd8f8b83c4eaad409a1daa

  • SSDEEP

    1536:XqcxelLM5JDlUn/C/A2hF79Y21DklzFRQjDbEyRCRRRoR4Rk:aMelLaP5/ASvDk1FeTEy032ya

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d9952acf81c2e9129d4087b80c8c05bae8742b48fd667edd62bd38770258888fN


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
