General

  • Target

    199f2c01d0ca0ffb234ab04bc827c27c48326a2f194a2947ee391af392ec604dN

  • Size

    71KB

  • Sample

    241110-qxs9nsxfpr

  • MD5

    cc61b6715bc931bfabfbd9613d3db460

  • SHA1

    db93d5010bb3187925ace7707bf487c27475feab

  • SHA256

    199f2c01d0ca0ffb234ab04bc827c27c48326a2f194a2947ee391af392ec604d

  • SHA512

    307335a6cc1283bbce25c47bce16aae47210c1e2e4c951bf094beb1569ce09a74d8d86027d2788cfe0d1cf50405fc97ac03d2f1e7f193132b28054a1cd4d032f

  • SSDEEP

    1536:v/S2Zz6Elmbmzetxx3u/MMFS92bju14uXtXX111oMlBxe8oU+V1rsU4RQCDbEyRF:H716fbhwkhYs43sBxe4+3rs3e8Ey032t

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks