General

  • Target

    bbc57c903cf7336edda86300f273b323dcbe384ce1238b22ebb1211258893214N

  • Size

    302KB

  • Sample

    241111-mxk2hsybrl

  • MD5

    cef5174472302f5908d8c37e3539dfa0

  • SHA1

    506235b1f6ec4de6cc5b818ccd16c94f47eba09c

  • SHA256

    bbc57c903cf7336edda86300f273b323dcbe384ce1238b22ebb1211258893214

  • SHA512

    a6c49930c9fee7c41183971e39bc6fc39315fce342a1eb5860e20bf2a43d748a9566e99a2bcf0c4ca9cd6c38cca89832cd4624f7610c27b24d75761220cb43f8

  • SSDEEP

    6144:d5zLTLG9QGL7GNlighD4lTjZXvEQo9dfEORRAgnIlY1:d5XT699v8lXhuT9XvEhdfEmwlY1

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      bbc57c903cf7336edda86300f273b323dcbe384ce1238b22ebb1211258893214N

    • Size

      302KB

    • MD5

      cef5174472302f5908d8c37e3539dfa0

    • SHA1

      506235b1f6ec4de6cc5b818ccd16c94f47eba09c

    • SHA256

      bbc57c903cf7336edda86300f273b323dcbe384ce1238b22ebb1211258893214

    • SHA512

      a6c49930c9fee7c41183971e39bc6fc39315fce342a1eb5860e20bf2a43d748a9566e99a2bcf0c4ca9cd6c38cca89832cd4624f7610c27b24d75761220cb43f8

    • SSDEEP

      6144:d5zLTLG9QGL7GNlighD4lTjZXvEQo9dfEORRAgnIlY1:d5XT699v8lXhuT9XvEhdfEmwlY1

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks