General

  • Target: bf1fdb3091b39c794c241a5a20f08a3681252afa0b9f0748af7a30bb37320464N
  • Size: 94KB
  • Sample: 241110-wvdn4asdrf
  • MD5: 60a548456379011ef1e945d512ff8330
  • SHA1: 971c22ca05709f9f7cee8b6c5d40fa71de9a939e
  • SHA256: bf1fdb3091b39c794c241a5a20f08a3681252afa0b9f0748af7a30bb37320464
  • SHA512: 8d286a7602dcb0c18cb0cb6401bf626551295739daaf69e8486be80c42aadb885d7b106c58e4ce0a5194c5b3862952ae272a45c725172d6b449ad23ef5a926bf
  • SSDEEP: 1536:wiGTzL61+ubhL7PfXCjRrpS4wKi/8Xd6AwRQD5RfRa9HprmRfRZ:5czLK+sX2G9ENvweD55wkpv

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: bf1fdb3091b39c794c241a5a20f08a3681252afa0b9f0748af7a30bb37320464N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks