General

  • Target

    5a983cabb08dd7d5b78943bbc81b7a1fe5d94cdb4e3a6379d35322d631a0e1e9N

  • Size

    299KB

  • Sample

    241110-mqjvwavhke

  • MD5

    a8d3526ef807a8218a910a1ae34a0a00

  • SHA1

    64b9e4f4d7475c8bca53ed650517221fe3f0fca2

  • SHA256

    5a983cabb08dd7d5b78943bbc81b7a1fe5d94cdb4e3a6379d35322d631a0e1e9

  • SHA512

    c26c54102d50f8876f72e12a3c3afe6daa16731c20f92c81482789a7f1a1d665a1f9887aecb36db47ec7e2ef3d6e02bcd4eb8f8fd374613325e4eb7983e47a0c

  • SSDEEP

    3072:MRZlU5FM0pGlJ/gMfSfZFweJUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2ov:MRZ20gMfgOEdGTBki5CYtI8TAokZ2EA

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      5a983cabb08dd7d5b78943bbc81b7a1fe5d94cdb4e3a6379d35322d631a0e1e9N

    • Size

      299KB

    • MD5

      a8d3526ef807a8218a910a1ae34a0a00

    • SHA1

      64b9e4f4d7475c8bca53ed650517221fe3f0fca2

    • SHA256

      5a983cabb08dd7d5b78943bbc81b7a1fe5d94cdb4e3a6379d35322d631a0e1e9

    • SHA512

      c26c54102d50f8876f72e12a3c3afe6daa16731c20f92c81482789a7f1a1d665a1f9887aecb36db47ec7e2ef3d6e02bcd4eb8f8fd374613325e4eb7983e47a0c

    • SSDEEP

      3072:MRZlU5FM0pGlJ/gMfSfZFweJUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2ov:MRZ20gMfgOEdGTBki5CYtI8TAokZ2EA

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks