General

  • Target: f5d80436f44789575fe0da53466fabb3c386be4d0fed71aa0ae1c118f4063b83N
  • Size: 320KB
  • Sample: 241110-r6x5nayjh1
  • MD5: e20c89b06cac398baf71c3e295307fb0
  • SHA1: eadbd556dde4b48306cb5e90f35c6043e93c2135
  • SHA256: f5d80436f44789575fe0da53466fabb3c386be4d0fed71aa0ae1c118f4063b83
  • SHA512: 6138d24018546329fa8602877790a53dd0548aaecbacc31382ddf1bbe157eecbf4b434d80c5c9a9e54fb85e3bb3da2405c4a558848c7cd508db0c9807a8c4756
  • SSDEEP: 6144:GJV2AThKbLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N1I0lS:eddYJ07kE0KoFtw2gu9RxrBIUbPLwH9J

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://viruslist.com/wcmd.txt
      http://viruslist.com/ppslog.php
      http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: f5d80436f44789575fe0da53466fabb3c386be4d0fed71aa0ae1c118f4063b83N
    • Size: 320KB
    • MD5: e20c89b06cac398baf71c3e295307fb0
    • SHA1: eadbd556dde4b48306cb5e90f35c6043e93c2135
    • SHA256: f5d80436f44789575fe0da53466fabb3c386be4d0fed71aa0ae1c118f4063b83
    • SHA512: 6138d24018546329fa8602877790a53dd0548aaecbacc31382ddf1bbe157eecbf4b434d80c5c9a9e54fb85e3bb3da2405c4a558848c7cd508db0c9807a8c4756
    • SSDEEP: 6144:GJV2AThKbLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N1I0lS:eddYJ07kE0KoFtw2gu9RxrBIUbPLwH9J

    Signatures:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks