General

  • Target: db8ed6f1fda707ddd331ee1c0618151b75c07fc71b65a15e7ffe230a2b4149ce.exe
  • Size: 71KB
  • Sample: 241111-m2nm7sxpcv
  • MD5: a672eb4c261212918db391c6a1f0a97c
  • SHA1: 3152a2361bda705bc17a0afce1d3917da190f886
  • SHA256: db8ed6f1fda707ddd331ee1c0618151b75c07fc71b65a15e7ffe230a2b4149ce
  • SHA512: 69b5d24e4aee00e84e31df656c5e5b6dd3fc785ffc3ebf764076ec646a667ba503c227063ef59f950eeb4a7b30eb6a09f28681c0ea5d6a9b8a76dd0736790a82
  • SSDEEP: 1536:138SfGjvGIwaHMmIhsYeZatGKL5cIPR2VvtvvpppD3ZFyroRQGK1P+ATTE:13/oGIlMmIzeAGJHyEeNP+A3E

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://viruslist.com/wcmd.txt
      http://viruslist.com/ppslog.php
      http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: db8ed6f1fda707ddd331ee1c0618151b75c07fc71b65a15e7ffe230a2b4149ce.exe
    • Size: 71KB
    • MD5: a672eb4c261212918db391c6a1f0a97c
    • SHA1: 3152a2361bda705bc17a0afce1d3917da190f886
    • SHA256: db8ed6f1fda707ddd331ee1c0618151b75c07fc71b65a15e7ffe230a2b4149ce
    • SHA512: 69b5d24e4aee00e84e31df656c5e5b6dd3fc785ffc3ebf764076ec646a667ba503c227063ef59f950eeb4a7b30eb6a09f28681c0ea5d6a9b8a76dd0736790a82
    • SSDEEP: 1536:138SfGjvGIwaHMmIhsYeZatGKL5cIPR2VvtvvpppD3ZFyroRQGK1P+ATTE:13/oGIlMmIzeAGJHyEeNP+A3E

    Signatures

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15