General

  • Target

    0644810e4fb4419cec1af00347154516e23292f3b516a9914f0a717eff5d9157N

  • Size

    128KB

  • Sample

    241110-cekypaxclc

  • MD5

    df07fb857617138413e61b72cb117bc0

  • SHA1

    30146673ac5fe19e0a13ea27609e1843bdc6cdfa

  • SHA256

    0644810e4fb4419cec1af00347154516e23292f3b516a9914f0a717eff5d9157

  • SHA512

    70987f7e2ee86a4f88aaa3a3f7d8ea39d168a9994192892630dc877ed7afc16323d1d8adfeebe25b01dd8d23188406605bd3542f0ede612c20ee02390db0dcad

  • SSDEEP

    1536:aBLRu1xsLLscQ/H5tOtr7x38I0RQDcRfRa9HprmRfRJCLIXG:69psH/YrF3p0eDc5wkpHxG

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
