General

  • Target

    f81ca10c369583a889a9a0aab0cb8331c36a211be0366c508355a7ff526fe853N

  • Size

    923KB

  • Sample

    241111-p43k9azdkd

  • MD5

    ba11f8dca289a48daa712830456f4270

  • SHA1

    f83009579d9e7bedce43e23c945b68d2e87f9683

  • SHA256

    f81ca10c369583a889a9a0aab0cb8331c36a211be0366c508355a7ff526fe853

  • SHA512

    6c3d6ba9285cb8dcd9d24517d288761203c9264b60542847f7643ab65ab50ffb5ff3dd8a4ac8e1eea4cdca22cbfd6efb3de246db7952777e4bd549aad3e90330

  • SSDEEP

    12288:90/JmByvNv54B9f01ZmHByvNv5VwLonfBHLqF1Nw5ILonfByvNv5HO:9EFvr4B9f01ZmQvrUENOVvru

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f81ca10c369583a889a9a0aab0cb8331c36a211be0366c508355a7ff526fe853N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks