General

  • Target: 336d7ae5c35ebbb9e36913215ef6ba2d19b3a62710df8e5933ab3fcc96ead2faN
  • Size: 347KB
  • Sample: 241110-nmxg8sweje
  • MD5: b45ad1a5bcc9a5d9454936a248144ec0
  • SHA1: 48fe056f366697126f2d95eabe339241b07a9b6f
  • SHA256: 336d7ae5c35ebbb9e36913215ef6ba2d19b3a62710df8e5933ab3fcc96ead2fa
  • SHA512: da838f3984e10a2a5c916a92a60ee1f1ca1f501e3eaa38a6198c56c502e7cee780b6d59eeeb8d5a57ee7a13b4dddf7031a7e63b36052ae1ba7a2adb6127583f3
  • SSDEEP: 6144:MiPGr5Ox4brq2Ah1FM6234lKm3mo8Yvi4KsLTFM6234lKm3qk9:fOwx4brRGFB24lwR45FB24lEk

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 336d7ae5c35ebbb9e36913215ef6ba2d19b3a62710df8e5933ab3fcc96ead2faN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks