General

  • Target

    1374f7650d2534033d44c8e3dfac54232c95a9129e3c8d8415efd5a97b8919adN

  • Size

    160KB

  • Sample

    241110-ntfhaswerh

  • MD5

    da07452510a5acd60436b7c273ec8600

  • SHA1

    4bf5eea11f884e0fd466bf542cc64b4ca8b2f6e3

  • SHA256

    1374f7650d2534033d44c8e3dfac54232c95a9129e3c8d8415efd5a97b8919ad

  • SHA512

    f378c90068d4c8862ed09fe8afcc6858964393961ecaf6f11e43f211cd6c3d2d10494f12105373b243de48531b4126bbb6e0565079265958d1dd47907854a6c1

  • SSDEEP

    3072:cqir1TUOWw/B5kpTYGDUdlGzpefw0v0wnJcefSXQHPTTAkvB5DdcgFM9MEl7lFH6:5ir1IOWwgp/4dwz8htnJfKXqPTX7D7Fh

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1374f7650d2534033d44c8e3dfac54232c95a9129e3c8d8415efd5a97b8919adN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks