General

  • Target: f750583f596579dd5f71f47825ba3a9c3fc4e38f3c19d923fa1246da3a0c1a48N

  • Size: 304KB

  • Sample: 241111-qa82lszdqh

  • MD5: c1f0864a3af14dfc92c9a008488edaf0

  • SHA1: d6bfe26d8fec319228b243d99515450722eb257d

  • SHA256: f750583f596579dd5f71f47825ba3a9c3fc4e38f3c19d923fa1246da3a0c1a48

  • SHA512: f52af936b668e396b406fe52faf7e7231e9204edbc49fb64bed7c0f2ec87ecdeaa935f20b1698896062fe5334a7ed1e31098730446805534f432506c5a81d585

  • SSDEEP: 3072:Vk1jUElyC0/inSIA+XD3qeAejz+k5rD0LZSnulc0VP7SnHjg:Vk1j0tiSIzTRAEKIrD0Lu

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: f750583f596579dd5f71f47825ba3a9c3fc4e38f3c19d923fa1246da3a0c1a48N (hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks