General

  • Target

    4a7b7a86d83e13e47065ea1812358f9d58d44ea53242f06b3c9c43da4c23d4ccN

  • Size

    448KB

  • Sample

    241110-xaax5ssjcs

  • MD5

    ea34192cf52f5371c3818578d137d080

  • SHA1

    e4332a0a4c14d412af6948e15b1c959f6cf76257

  • SHA256

    4a7b7a86d83e13e47065ea1812358f9d58d44ea53242f06b3c9c43da4c23d4cc

  • SHA512

    3b79c7cba5f43780c1e6168ecdd515f8b62e9db60d52877b4b8bce311575044a6672571dc945fc3d9b5d1e20d5a5f8a56a567ab64a2a3f44238105ba6f412ed9

  • SSDEEP

    6144:ZvsBYKOnR1IVDC1CAkOCOu0EajNVBZr6y2WX:ZvsWnR1O7

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4a7b7a86d83e13e47065ea1812358f9d58d44ea53242f06b3c9c43da4c23d4ccN

    • Size

      448KB

    • MD5

      ea34192cf52f5371c3818578d137d080

    • SHA1

      e4332a0a4c14d412af6948e15b1c959f6cf76257

    • SHA256

      4a7b7a86d83e13e47065ea1812358f9d58d44ea53242f06b3c9c43da4c23d4cc

    • SHA512

      3b79c7cba5f43780c1e6168ecdd515f8b62e9db60d52877b4b8bce311575044a6672571dc945fc3d9b5d1e20d5a5f8a56a567ab64a2a3f44238105ba6f412ed9

    • SSDEEP

      6144:ZvsBYKOnR1IVDC1CAkOCOu0EajNVBZr6y2WX:ZvsWnR1O7

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
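The report gives two kinds of indicator a responder can act on directly: the file hashes of the sample and the three C2 URLs from the extracted config. Note that the third URL is a printf-style template (`%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d`) that the backdoor fills in before beaconing, so the literal string never appears on the wire and a naive substring match on it finds nothing. The following Python is an added example, not part of the sandbox report or of the Berbew sample: it hashes a buffer or file against the IOC set and scans proxy-log lines for the C2 paths, expanding the template into a regex so that a filled-in beacon is caught. The proxy-log format and its lines are constructed for the demo, and the assumption that `%s` fields carry no whitespace is mine; matching is on host plus full path rather than on the bare host, because a hit on the host alone is a weak indicator.

```python
import hashlib
import re

# File hashes of the sample, copied from the report above.
IOC_HASHES = {
    "md5": "ea34192cf52f5371c3818578d137d080",
    "sha1": "e4332a0a4c14d412af6948e15b1c959f6cf76257",
    "sha256": "4a7b7a86d83e13e47065ea1812358f9d58d44ea53242f06b3c9c43da4c23d4cc",
    "sha512": "3b79c7cba5f43780c1e6168ecdd515f8b62e9db60d52877b4b8bce311575044a"
              "6672571dc945fc3d9b5d1e20d5a5f8a56a567ab64a2a3f44238105ba6f412ed9",
}

# C2 host and the piplog.php query template from the extracted config.
C2_HOST = "viruslist.com"
PIPLOG_TEMPLATE = "%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"


def directive_to_regex(directive):
    """Map one printf directive (%s, %i, %09u, %02d) to a regex fragment."""
    m = re.fullmatch(r"%(0?)(\d*)([sdiu])", directive)
    if m is None:
        raise ValueError(f"unsupported directive {directive!r}")
    zero_flag, width, conv = m.groups()
    if conv == "s":
        # Assumption: string fields contain no whitespace. Lazy, so the ':'
        # delimiters that follow anchor each field.
        return r"\S*?"
    min_digits = int(width) if zero_flag and width else 1  # %09u pads to >= 9 digits
    sign = "" if conv == "u" else "-?"
    return rf"{sign}\d{{{min_digits},}}"


def template_to_regex(template):
    """Expand the whole beacon template into a regex; literal text is escaped."""
    out = []
    for token in re.split(r"(%0?\d*[sdiu])", template):
        out.append(directive_to_regex(token) if token.startswith("%") else re.escape(token))
    return "".join(out)


PIPLOG_QUERY_RE = re.compile(template_to_regex(PIPLOG_TEMPLATE))

# Any of the three C2 URLs, with the piplog.php query required to have the
# filled-in shape of the template rather than the literal "%s:%i:..." text.
C2_URL_RE = re.compile(
    r"https?://" + re.escape(C2_HOST) + r"/(?:"
    + r"wcmd\.txt|ppslog\.php|piplog\.php\?" + template_to_regex(PIPLOG_TEMPLATE)
    + r")(?=\s|$)"
)


def is_piplog_query(query):
    """True if a query string has the shape of a filled-in piplog.php beacon."""
    return PIPLOG_QUERY_RE.fullmatch(query) is not None


def hash_bytes(data):
    """All four digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """All four digests of a file, computed in one pass without reading it whole."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(digests):
    """Names of the algorithms whose digest equals the report's IOC."""
    return sorted(name for name, value in IOC_HASHES.items() if digests.get(name) == value)


def find_c2_beacons(log_lines):
    """(line_number, matched_url) for every log line that contacts the C2."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = C2_URL_RE.search(line)
        if m:
            hits.append((n, m.group(0)))
    return hits


# Constructed proxy log for the demo: "timestamp client method url status".
# Lines 1-3 are C2 contacts; line 4 is the bare host; line 5 is the right
# path shape on the wrong host.
SAMPLE_PROXY_LOG = [
    "2024-11-10T13:02:09Z 10.0.0.5 GET http://viruslist.com/wcmd.txt 200",
    "2024-11-10T13:02:11Z 10.0.0.5 GET http://viruslist.com/piplog.php?WIN-7QK2:1:0:user:000123456:3:10:13:02 200",
    "2024-11-10T13:02:12Z 10.0.0.5 POST http://viruslist.com/ppslog.php 200",
    "2024-11-10T13:02:15Z 10.0.0.7 GET http://viruslist.com/ 200",
    "2024-11-10T13:02:16Z 10.0.0.7 GET http://example.com/piplog.php?a:1:2:b:000000001:1:01:01:01 404",
]

if __name__ == "__main__":
    for n, url in find_c2_beacons(SAMPLE_PROXY_LOG):
        print(f"line {n}: C2 contact {url}")
    print("IOC match for constructed buffer:", matches_sample(hash_bytes(b"not the sample")))
```

For a real investigation, replace `SAMPLE_PROXY_LOG` with the proxy or DNS logs of the host and pass the suspect file to `hash_file`; a single digest match against `IOC_HASHES` is sufficient to identify this exact sample, while the SSDEEP value from the report is the one to reach for when the on-disk file is a repacked variant with different cryptographic hashes.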

MITRE ATT&CK Enterprise v15

Tasks