General

  • Target

    b22488798754ccca065e30bc1c70cace8e92e7607746c5aa0181f4df0866a935N

  • Size

    71KB

  • Sample

    241110-tyv2fatnak

  • MD5

    aad55352c23e9474e608a251099f0610

  • SHA1

    bc2b43a7132506664bc566c1d3b910dcaccb6c36

  • SHA256

    b22488798754ccca065e30bc1c70cace8e92e7607746c5aa0181f4df0866a935

  • SHA512

    88abb9d54900e5230e0148cc8e03c347a5591e06f6e95e24dd0604216f605394e4b2ddc2cb3f0d7c8f01d06115ef87a716efba1cb2d22bd3279514121f061657

  • SSDEEP

    1536:skL9tYZqbT6cIF4I35KCz2T9wR6zBilWGyNtT7lRQHK1P+ATT:Vg45S5KC6BktkBe6P+A3

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
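The third C2 entry is a printf-style beacon template rather than a fixed URL, so a literal string match on it will never fire in traffic. The script below is an added example (not part of this sandbox report and not Berbew's own code): it turns the template into a regular expression (%s becomes a non-separator field, %i/%d a signed integer, %09u and %02d zero-padded integers of at least that width), runs the resulting patterns over a few constructed proxy-log lines, and compares a file's digests with the hashes listed in this report. The log lines, hostnames and field values are constructed for the demonstration; only the URLs and hashes come from the report.

```python
import hashlib
import re

# C2 URLs exactly as extracted in the report above.
C2_URLS = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# Digests of the analysed sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "aad55352c23e9474e608a251099f0610",
    "sha1": "bc2b43a7132506664bc566c1d3b910dcaccb6c36",
    "sha256": "b22488798754ccca065e30bc1c70cace8e92e7607746c5aa0181f4df0866a935",
    "sha512": "88abb9d54900e5230e0148cc8e03c347a5591e06f6e95e24dd0604216f605394"
              "e4b2ddc2cb3f0d7c8f01d06115ef87a716efba1cb2d22bd3279514121f061657",
}

# printf conversions that occur in the template: optional '0' flag, optional width, s/d/i/u.
_FMT = re.compile(r"%(0?)(\d*)([sdiu])")


def _int_pattern(zero: str, width: str, conv: str) -> str:
    """Regex for one integer conversion. Zero-padded widths become a minimum digit count."""
    sign = "" if conv == "u" else "-?"
    if zero and width:
        return sign + r"\d{%s,}" % width
    # Space-padded widths (e.g. %2d) are not in this template; treat them as any length.
    return sign + r"\d+"


def fmt_to_regex(template: str) -> re.Pattern:
    """Translate a printf-style URL template into a compiled regex."""
    parts, pos = [], 0
    for m in _FMT.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))  # literal text between conversions
        zero, width, conv = m.groups()
        if conv == "s":
            parts.append(r"[^:&\s]*")  # %s: any text up to the next ':' separator
        else:
            parts.append(_int_pattern(zero, width, conv))
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))


# One compiled pattern per C2 entry; fixed URLs simply become escaped literals.
BEACON_PATTERNS = {url: fmt_to_regex(url) for url in C2_URLS}


def match_c2(line: str):
    """Return the C2 template a log line matches, or None."""
    for template, pattern in BEACON_PATTERNS.items():
        if pattern.search(line):
            return template
    return None


def scan_logs(lines):
    """Return (line_index, matched_template) for every line that hits a C2 pattern."""
    hits = []
    for i, line in enumerate(lines):
        template = match_c2(line)
        if template is not None:
            hits.append((i, template))
    return hits


def hash_matches(data: bytes) -> dict:
    """Compare a file's digests with the report's hashes; True per algorithm on a match."""
    return {alg: getattr(hashlib, alg)(data).hexdigest() == digest
            for alg, digest in SAMPLE_HASHES.items()}


# Constructed proxy-log lines (not real traffic); line 1 carries a made-up beacon.
LOGS = [
    "2024-11-10T14:02:11Z 10.0.0.15 GET http://viruslist.com/wcmd.txt 200",
    "2024-11-10T14:02:12Z 10.0.0.15 GET http://viruslist.com/piplog.php?"
    "WIN-HOST:1:0:admin:000123456:5:14:02:12 200",
    "2024-11-10T14:02:13Z 10.0.0.15 GET http://viruslist.com/index.html 200",
    "2024-11-10T14:02:14Z 10.0.0.16 POST http://viruslist.com/ppslog.php 200",
]

if __name__ == "__main__":
    for idx, template in scan_logs(LOGS):
        print(f"line {idx}: matches {template}")
    print(hash_matches(b"not the sample"))
```

The beacon template is the highest-fidelity indicator here: a bare hostname match will also flag unrelated requests to that host (line 2 above is deliberately not reported), while the piplog.php pattern requires the exact nine-field layout, including the nine-digit zero-padded counter. The hash check is only useful for the exact file; for near variants compare the SSDEEP value instead.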

Targets

    • Target

      b22488798754ccca065e30bc1c70cace8e92e7607746c5aa0181f4df0866a935N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks