General

  • Target

    8f5de93576484f382b8ed5055a17b1853d744f073fb4da929dc4d0d8e197d863N.exe

  • Size

    93KB

  • Sample

    241112-q6be8axken

  • MD5

    c67665d5732f971a4c2ef202836c4220

  • SHA1

    cc7878c061415e034d1ff42f14100a09c12f2029

  • SHA256

    8f5de93576484f382b8ed5055a17b1853d744f073fb4da929dc4d0d8e197d863

  • SHA512

    e269c99ec1a55f7cc901c573656b405c7db5f81b8fba5fc020afe2f5607194fec51ee6e7de8b92a12f5438b122b80c3de5cc93a6176f040ff1e3591d814075a3

  • SSDEEP

    1536:EV3k1In4Udovktf+3JNn1UvJB/aOHoToRQApRJJ5R2xOSC4Bus3cO57OWxXPu4nT:G3k1Y4xvktf+331UxlaOH5eqrJ5wxO3A

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8f5de93576484f382b8ed5055a17b1853d744f073fb4da929dc4d0d8e197d863N.exe

    • Size

      93KB

    • MD5

      c67665d5732f971a4c2ef202836c4220

    • SHA1

      cc7878c061415e034d1ff42f14100a09c12f2029

    • SHA256

      8f5de93576484f382b8ed5055a17b1853d744f073fb4da929dc4d0d8e197d863

    • SHA512

      e269c99ec1a55f7cc901c573656b405c7db5f81b8fba5fc020afe2f5607194fec51ee6e7de8b92a12f5438b122b80c3de5cc93a6176f040ff1e3591d814075a3

    • SSDEEP

      1536:EV3k1In4Udovktf+3JNn1UvJB/aOHoToRQApRJJ5R2xOSC4Bus3cO57OWxXPu4nT:G3k1Y4xvktf+331UxlaOH5eqrJ5wxO3A

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks