General

  • Target

    9ca9f45eadce907beb13a7217a695c4ec75dbbc7e8e369ec3e959ce21707d881

  • Size

    249KB

  • Sample

    241110-bbzr1awcmq

  • MD5

    f5804954d083bd23e9749ff7088ba83f

  • SHA1

    4a910120f16ae1b2170f5057e162a72397f06111

  • SHA256

    9ca9f45eadce907beb13a7217a695c4ec75dbbc7e8e369ec3e959ce21707d881

  • SHA512

    786556853a91caa2463df7331bcb2ffa25aa4e2ea7fb3e85d1467834784c44947ba473aafbaba599ed55a1326656bc8c22ea9580963ef93650d7ea632afe64c3

  • SSDEEP

    3072:U2c/nAWn+Ijti1i00n3f39e3UEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2or:Y/nMd1iJf3AkEdGTBki5CYtI8TAokZ

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
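Note that the third C2 entry is a printf-style format string, not a literal URL: the sample fills the %-specifiers at run time (two strings, several integers, a zero-padded 9-digit value and three two-digit fields), so a proxy or DNS rule that looks for the literal string will never fire. The Python below is an added example, not part of the report or of any tool the report describes: it turns the three extracted templates into regular expressions and runs them over a few constructed proxy-log lines. The log layout (`timestamp client method url status`) and every value in the sample lines are assumptions made for the example; the templates themselves are the ones extracted above.

```python
import re
from urllib.parse import urlsplit

# C2 entries exactly as extracted from the sample's configuration (see the report above).
BERBEW_C2 = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion specifier: flags, optional width, optional precision, conversion.
_SPEC = re.compile(r"%(?P<flags>[-+ 0#]*)(?P<width>\d+)?(?:\.(?P<prec>\d+))?(?P<conv>[sdiu])")


def format_to_regex(fmt: str) -> re.Pattern:
    """Compile a printf-style URL template into an anchored regex.

    %s becomes a run of characters that cannot contain the ':' separator used
    in this template; %i/%d/%u become integers, honouring a zero-padded width
    (so %09u requires at least nine digits). Literal text is escaped verbatim.
    """
    out, pos = [], 0
    for m in _SPEC.finditer(fmt):
        out.append(re.escape(fmt[pos:m.start()]))
        conv, width, flags = m.group("conv"), m.group("width"), m.group("flags")
        zero_padded = bool(width) and "0" in flags
        if conv == "s":
            out.append(r"[^:&\s]*")
        elif conv == "u":
            out.append(r"\d{%s,}" % width if zero_padded else r"\d+")
        else:  # d or i: signed
            out.append(r"-?\d{%s,}" % width if zero_padded else r"-?\d+")
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(out) + "$")


C2_PATTERNS = [(u, format_to_regex(u)) for u in BERBEW_C2]
C2_HOSTS = {urlsplit(u).hostname for u in BERBEW_C2}

# Constructed proxy log for the example (assumed layout: timestamp client method url status).
SAMPLE_PROXY_LOG = """\
2024-11-10T10:01:02Z 10.0.0.21 GET http://viruslist.com/wcmd.txt 200
2024-11-10T10:01:03Z 10.0.0.21 GET http://viruslist.com/piplog.php?WORKSTATION7:1:0:user:000012345:7:10:01:03 200
2024-11-10T10:01:04Z 10.0.0.22 GET http://example.com/index.html 200
2024-11-10T10:01:05Z 10.0.0.23 GET http://viruslist.com/piplog.php?garbage 404
2024-11-10T10:01:06Z 10.0.0.24 POST http://viruslist.com/ppslog.php 200
"""


def find_beacons(log_text: str) -> list:
    """Return (client, match) pairs for requests that fit a C2 template.

    A request to a C2 host whose URL does not fit any template is reported as
    'host-only': lower confidence, but still worth a look since a config
    variant may use a different path.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        client, url = parts[1], parts[3]
        for template, rx in C2_PATTERNS:
            if rx.match(url):
                hits.append((client, template))
                break
        else:
            if urlsplit(url).hostname in C2_HOSTS:
                hits.append((client, "host-only"))
    return hits


if __name__ == "__main__":
    for client, match in find_beacons(SAMPLE_PROXY_LOG):
        print(f"{client}\t{match}")
```

The exact-template matches (`wcmd.txt`, `ppslog.php`, and a fully populated `piplog.php` query) are high-confidence Berbew check-ins; the `host-only` hit is the one to triage rather than block on sight, because the report only establishes the three paths above for this sample, not that every request to the host is malicious.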

Targets

    • Target

      9ca9f45eadce907beb13a7217a695c4ec75dbbc7e8e369ec3e959ce21707d881

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15