General

  • Target: 6fed2c85d4f607038bbad92748373ce7d72a53dd71ed3ee06ba986ef78391afaN
  • Size: 71KB
  • Sample: 241110-nzc95ayrdn
  • MD5: c6e1f4a33f40383dc3d07883aedd6020
  • SHA1: 494a51376e9a50e9347479f100d23eeb57d815e9
  • SHA256: 6fed2c85d4f607038bbad92748373ce7d72a53dd71ed3ee06ba986ef78391afa
  • SHA512: bb9babde8201296d8db2445d720b9eda501b3cd85c78e7a557b89b42771c7b74f5e4073498121da928cfde15daf1582463ac33544938f046a3342496605062f2
  • SSDEEP: 1536:te/zW6v+rimUdTEzwQgfL0FU1MPLIPoNLoz+pRQRpK1P+ATT:tTz2bL0FU1oIPoNLneWP+A3

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks