General

  • Target

    9bc91fa8e2a9be821875f2f83580641e65d10994a99dd7036e8fdd57f0f5b26fN

  • Size

    448KB

  • Sample

    241110-sq2zcasnfq

  • MD5

    f4e07f1fd7226175bc01cffffd22f770

  • SHA1

    7f3cbfdbbf53375674e3e880661d84b38919c688

  • SHA256

    9bc91fa8e2a9be821875f2f83580641e65d10994a99dd7036e8fdd57f0f5b26f

  • SHA512

    1efe1d33917eb67d3d4d46997b69413ee83be254b4460837e41ce0e9f55b7530f846dab89ca028a8bdef643d9b16cf493f6fa8300960a744720ed746f9834c7b

  • SSDEEP

    6144:fJHJHUDzCKmCAkOCOu0EajNVBZr6y2WX:VJHkj

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
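The three C2 entries above are worth reading carefully: the first two are literal URLs, while the third is a printf-style template the sample fills in at runtime (`%s`, `%i`, `%09u`, `%02d` ...), so a literal string match on it will never fire. The Python below is an added example, not part of the sandbox report or the malware itself: it turns each entry into a host plus path matcher (the template becomes a regex) and runs them over a few constructed proxy log lines. The log format, the client addresses and the filled-in beacon values are all invented for the demonstration; the assumption that `%s` fields never contain a colon is also mine.

```python
import re
from urllib.parse import urlsplit

# C2 entries exactly as extracted on the page. The third one is a
# printf-style template, not a URL the sample requests verbatim.
C2_URLS = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion: optional width (e.g. "09" in %09u) and the type letter.
_FMT = re.compile(r"%(\d*)([sidu])")


def template_to_regex(path):
    """Compile a printf-style path template into an anchored regex.

    %s  -> a run of characters without ':' or whitespace (assumption: the
           colon is the field delimiter in this template, so %s never holds one)
    %i/%d/%u with width N -> at least N digits (printf pads, never truncates)
    Everything else is matched literally.
    """
    out, pos = [], 0
    for m in _FMT.finditer(path):
        out.append(re.escape(path[pos:m.start()]))
        width, conv = m.groups()
        if conv == "s":
            out.append(r"[^:\s]*")
        elif width:
            out.append(r"\d{%d,}" % int(width))
        else:
            out.append(r"\d+")
        pos = m.end()
    out.append(re.escape(path[pos:]))
    return re.compile("^" + "".join(out) + "$")


def _host_and_path(url):
    parts = urlsplit(url)
    path = parts.path + ("?" + parts.query if parts.query else "")
    return (parts.hostname or "").lower(), path


def build_matchers(urls):
    """One (host, compiled path regex, original IOC, is_template) per C2 entry."""
    matchers = []
    for u in urls:
        host, path = _host_and_path(u)
        is_template = "%" in path
        rx = template_to_regex(path) if is_template else re.compile("^" + re.escape(path) + "$")
        matchers.append((host, rx, u, is_template))
    return matchers


# Constructed proxy log: "<epoch> <client> <method> <url> <status>". Line 2 is a
# made-up filled-in beacon; line 5 hits the C2 host but a path not in the config.
SAMPLE_PROXY_LOG = """\
1731229000.123 10.0.0.12 GET http://viruslist.com/wcmd.txt 200
1731229001.456 10.0.0.12 GET http://viruslist.com/piplog.php?WORKSTATION7:1:5:4.2.1:000001234:0:01:02:03 200
1731229002.789 10.0.0.19 GET http://www.example.com/index.html 200
1731229003.000 10.0.0.12 POST http://viruslist.com/ppslog.php 200
1731229004.000 10.0.0.21 GET http://viruslist.com/other.php 404
"""


def scan_log(log_text, matchers):
    """Return one hit dict per log line whose host and path match a C2 entry."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        host, path = _host_and_path(fields[3])
        for c2_host, rx, ioc, is_template in matchers:
            if host == c2_host and rx.match(path):
                hits.append({"client": fields[1], "url": fields[3], "ioc": ioc, "template": is_template})
                break
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_PROXY_LOG, build_matchers(C2_URLS)):
        print(h["client"], "->", h["url"], "(template)" if h["template"] else "")
```

Matching on host plus path rather than on the domain alone keeps the rule tied to what the config actually says; the fifth sample line, which reaches the same host on a path the config does not list, is deliberately not reported.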

Targets

    • Target

      9bc91fa8e2a9be821875f2f83580641e65d10994a99dd7036e8fdd57f0f5b26fN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
