General

  • Target: 8771a3f1cb5cc7194afcd7bbc690cedccbba21e87c229fc63504055024c80aa4N

  • Size: 128KB

  • Sample: 241110-qk8tlazrhl

  • MD5: 74a1c1815f3760d6b183148f74450f60

  • SHA1: 1f5332bde1aec740af5e2a1b7627f73ebea3f1f6

  • SHA256: 8771a3f1cb5cc7194afcd7bbc690cedccbba21e87c229fc63504055024c80aa4

  • SHA512: ea92f9401f58c20c8974b74c10092c9c73617bc37041d4f4b0052da30fc8ad3568b65fe328b2e9573743b13d1163ff7cc687fbd5a3da4d9c6af47f2de925fcbd

  • SSDEEP: 3072:0l4y1t0gNwtsuw/G/Oy/sowseD15wkpHxG:0lf3buS7ynKUCA

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15