General

  • Target

    f8c52d9a2e85b310f51adc52d49a2b56525d7a7b14186710c336f3367364b1c3N

  • Size

    99KB

  • Sample

    241110-s248vasqdq

  • MD5

    0756499a90f47a7eaa9553efd5381c60

  • SHA1

    d2eab384423fe9fe35cbbc5cad18505ba37eb31d

  • SHA256

    f8c52d9a2e85b310f51adc52d49a2b56525d7a7b14186710c336f3367364b1c3

  • SHA512

    2d61d8e98bfbd37f06b05e39a2e2923decc2879c85c346520df99d10abc9eb78ded7db0d6dac6863568975b53fdefc0fd13caae7f708bc91aa455f38340e64f2

  • SSDEEP

    3072:jbETy/1OBGWsjBZey9pwoTRBmDRGGurhUI:jY/Gwrm7UI

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f8c52d9a2e85b310f51adc52d49a2b56525d7a7b14186710c336f3367364b1c3N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
