General

  • Target: 97be0b1cf52ef29c1eceb4c129b81a9fbb2f6db8b3863de92d2235d65eaa7835
  • Size: 401KB
  • Sample: 241110-a5la2awckb
  • MD5: cc0aaa82e40a81d4ca68aae1bab9871a
  • SHA1: 8ffcedf92efeefe155eba2de8013f48d61126e05
  • SHA256: 97be0b1cf52ef29c1eceb4c129b81a9fbb2f6db8b3863de92d2235d65eaa7835
  • SHA512: a0fd95f11b03cd77040144f2acd317edd37111c76ed5b8c67c2af4bd34336de85e4595dee137a9dca5548baf27fd63acc9a20064c9ae0dac8bc514ab03a2f971
  • SSDEEP: 6144:/rBU9cyvndpui6yYPaIGckfru5xyDpui6yYPaIGckSU05836PGyA7:FUemndpV6yYP4rbpV6yYPg058KrY

Malware Config

Extracted

Family: berbew

C2:

  • http://viruslist.com/wcmd.txt
  • http://viruslist.com/ppslog.php
  • http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 97be0b1cf52ef29c1eceb4c129b81a9fbb2f6db8b3863de92d2235d65eaa7835 (hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks