General

  • Target

    9c8da5e9066870d85f7eb7b1bebd7cefcb32ce5a5df1a9e92eeb27a9c8bbcfb3N

  • Size

    71KB

  • Sample

    241110-asnkmawanf

  • MD5

    644dfe6c6376e19b6387441495fc5e60

  • SHA1

    268427bff06ba289227dedb883366e59b79bb8b5

  • SHA256

    9c8da5e9066870d85f7eb7b1bebd7cefcb32ce5a5df1a9e92eeb27a9c8bbcfb3

  • SHA512

    ae948c175a0bfeca0bb6df4d4ad0e78cfc5e423bd71056edcdf7d8313d13b014e5e89c6328aa05fd1a1dfd620c82bf0ca2a34ede2d60f26e661b665284f340eb

  • SSDEEP

    1536:VNloBcyYG96pO/PtyKBoBqYWxX0LHj/73Tvr6gtPRQPDbEyRCRRRoR4Rk:HqYRO/JBoB9WxX1UPenEy032ya

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
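The third C2 entry is a printf-style template rather than a literal URL: the bot fills in the `%s`/`%i`/`%09u`/`%02d` slots at runtime (the `:`-separated query string carries host, counters, a user field, a zero-padded 9-digit number and a timestamp-like triple), so a string match on the extracted value will never fire on real traffic. The following Python is an added example, not part of the sandbox report or the Berbew sample: it converts each extracted template into an anchored regex, then runs it over a constructed proxy log (timestamp, source IP, method, URL, status; the format is an assumption, not any particular proxy's log format) and reports two tiers of hit. A full template match is a config-level indicator; a request that only shares the hostname is kept as a weaker "domain-only" tier, since the report says nothing about whether the hard-coded domain is still attacker-controlled and a bare domain match on an old family is easy to trip on benign traffic.

```python
import re
from urllib.parse import urlsplit

# C2 URLs exactly as extracted from the sample's config on this page.
C2_URLS = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# Hostnames of the C2 URLs, for the weaker domain-only tier (assumption: the
# domain alone is worth flagging at low confidence, not blocking on).
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# printf conversions the Berbew template uses: %s, %d, %i, %u with optional
# flags and a minimum field width (e.g. %09u, %02d).
_CONV = re.compile(r"%(?P<flags>[-+ 0#]*)(?P<width>\d*)(?P<conv>[sdiu])")


def format_to_regex(fmt: str) -> str:
    """Turn a printf-style C2 URL template into an anchored regex.

    Literal text is escaped; each conversion becomes a capture group. Field
    widths are honoured as minimum digit counts, so %09u must carry at least
    nine digits. %s is matched as "anything but ':' or whitespace" so the
    ':' separators in the query string still delimit fields.
    """
    out, pos = [], 0
    for n, m in enumerate(_CONV.finditer(fmt)):
        out.append(re.escape(fmt[pos:m.start()]))
        conv, width = m.group("conv"), m.group("width") or "1"
        if conv == "s":
            frag = r"[^:\s]*"
        elif conv == "u":
            frag = r"\d{%s,}" % width
        else:  # %d / %i may be negative
            frag = r"-?\d{%s,}" % width
        out.append(f"(?P<f{n}>{frag})")
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return "^" + "".join(out) + "$"


# Compile once; a literal URL (no conversions) simply becomes an exact match.
PATTERNS = [(u, re.compile(format_to_regex(u))) for u in C2_URLS]


def match_c2(url: str):
    """Return (template, [fields]) if url fits one of the extracted C2
    templates, else None."""
    for template, rx in PATTERNS:
        m = rx.match(url)
        if m:
            return template, list(m.groups())
    return None


def classify_url(url: str):
    """Two-tier verdict: ('config-match', template, fields) for a full template
    hit, ('domain-only', None, []) for a request that merely shares the C2
    hostname, None otherwise."""
    hit = match_c2(url)
    if hit:
        return ("config-match", hit[0], hit[1])
    if urlsplit(url).hostname in C2_HOSTS:
        return ("domain-only", None, [])
    return None


def scan_proxy_log(lines):
    """Return [(line_no, tier, template, fields)] for every matching log line.

    Assumed line layout (constructed for this example): timestamp, client IP,
    method, URL, status.
    """
    hits = []
    for i, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash on it
        verdict = classify_url(parts[3])
        if verdict:
            hits.append((i, *verdict))
    return hits


# Constructed sample log: lines 1, 2 and 4 are shaped like the sample's C2
# requests, line 3 is unrelated, line 5 hits the C2 host with a query string
# that does not fit the template (nine ':'-separated fields required).
SAMPLE_PROXY_LOG = """\
2024-11-10T08:12:31Z 10.0.0.15 GET http://viruslist.com/wcmd.txt 200
2024-11-10T08:12:32Z 10.0.0.15 GET http://viruslist.com/piplog.php?WKS-07:0:1:jdoe:000123456:2:11:10:08 200
2024-11-10T08:12:40Z 10.0.0.22 GET http://www.example.com/index.html 200
2024-11-10T08:13:02Z 10.0.0.15 POST http://viruslist.com/ppslog.php 200
2024-11-10T08:13:05Z 10.0.0.31 GET http://viruslist.com/piplog.php?not-the-bot 404
""".splitlines()

if __name__ == "__main__":
    for line_no, tier, template, fields in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: {tier:12} {template or ''} {fields}")
```

The captured fields from a `piplog.php` hit are worth keeping in the alert: the first `%s` and the `%09u` slot are the most likely victim-identifying values, and comparing them across hits lets you tell one infected host from another even when the source IP is NATed.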

Targets

    • Target

      9c8da5e9066870d85f7eb7b1bebd7cefcb32ce5a5df1a9e92eeb27a9c8bbcfb3N

    • Size

      71KB

    • MD5

      644dfe6c6376e19b6387441495fc5e60

    • SHA1

      268427bff06ba289227dedb883366e59b79bb8b5

    • SHA256

      9c8da5e9066870d85f7eb7b1bebd7cefcb32ce5a5df1a9e92eeb27a9c8bbcfb3

    • SHA512

      ae948c175a0bfeca0bb6df4d4ad0e78cfc5e423bd71056edcdf7d8313d13b014e5e89c6328aa05fd1a1dfd620c82bf0ca2a34ede2d60f26e661b665284f340eb

    • SSDEEP

      1536:VNloBcyYG96pO/PtyKBoBqYWxX0LHj/73Tvr6gtPRQPDbEyRCRRRoR4Rk:HqYRO/JBoB9WxX1UPenEy032ya

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15