General

  • Target

    ac2fd906161b3202affcdd24d2fce7b528296274f4988a732b1cf5ee99277845N

  • Size

    128KB

  • Sample

    241112-nn4yps1kas

  • MD5

    baa79458011bd4bcb4696f684558a520

  • SHA1

    6ba625333d50027bb8ad43628c4ac85a707c0d77

  • SHA256

    ac2fd906161b3202affcdd24d2fce7b528296274f4988a732b1cf5ee99277845

  • SHA512

    9598ff20ea3b5c6b0a7d03c12b0742aa4525a2e47f6d2512720fa5e47ccf9d034b4c25eaee5bb81a4a439b472b5024f227e08fe03e2a18659548fb52c2b833f5

  • SSDEEP

    3072:4Q4tWe9l3SlV5C8cYeq9pui6yYPaI7DehizrVtNq:4FW+lilVI8m0pui6yYPaIGcs

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15