General

  • Target: e6049cf8aeadc02e169ebba16568b2ed50111c57e97300672d90ecd800c79103N
  • Size: 285KB
  • Sample: 241110-rt1p1sxras
  • MD5: f5a44936c919363bdfdceb7b66b47940
  • SHA1: 192fd463a68b9ce4dc8a9e081b039d1cc18e9f3e
  • SHA256: e6049cf8aeadc02e169ebba16568b2ed50111c57e97300672d90ecd800c79103
  • SHA512: 25ba3b28445c49e52371c065de4218f8d2cb5359e23ca6709047cf20a407e6fc5e3ae576852fd3cee444c38a0e67c208108d7b288b19cdcb1a5b98b429964e8a
  • SSDEEP: 3072:VyGZxMptyxmmDA6b9AuW53n8ezKVcbMloVRr3uMg0kAqSxYiJ2QM4GKch:VRZ+Ixmm8OAuW533zKQIoi7tWa

Malware Config

Extracted

Family: berbew

C2:

  • http://viruslist.com/wcmd.txt
  • http://viruslist.com/ppslog.php
  • http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks