General

  • Target

    bb5c0282149511181e0dfbd03fee7b39f237c8f51857177a0fdd3316e3044970

  • Size

    482KB

  • Sample

    241110-clpkfswpes

  • MD5

    bb87c569a28dab31762e72c94d9d48a1

  • SHA1

    8eb7272c178eaf35d97753c5dca83a2a297f90e6

  • SHA256

    bb5c0282149511181e0dfbd03fee7b39f237c8f51857177a0fdd3316e3044970

  • SHA512

    bb6ae1784385452d8da9b0f1ea5921653db5dbc7faa38b492c7540bb00b39852d89d0d2553a6f45993e2f953644d7e77be9b3c9003065b2fde9231b24c8b1fe0

  • SSDEEP

    12288:BVvvJSLrpV6yYP4rbpV6yYPg058KpV6yYP8OThj:7JSLrW4XWleKW8OThj

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15