General

  • Target: 8f0076472a840a18af1b37d3a2967c033d19b74049cda7ca07e9fdca487d0759N.exe
  • Size: 592KB
  • Sample: 241112-q6ms9atglb
  • MD5: b36e8f37586f09309a9818e29b410588
  • SHA1: 8a91bf85320c5451166b0b1a2afbc325d059fdb2
  • SHA256: c2afe7bdbc33af4995fa39f904a1dcb647b3e66423786d193149ab7ef8ceb233
  • SHA512: 1e44d4026fe1685a36c82038343cb90a90da636ccf85dbc51f72cf26aec9ae4aec6c3887ddf5d6504c79d90c98dfd8c93623e6b5e3219137971240c479704455
  • SSDEEP: 6144:ANax8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrloBNTNxaaqk9a50:l87g7/VycgE81lgxaa79y0

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://viruslist.com/wcmd.txt
      http://viruslist.com/ppslog.php
      http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 8f0076472a840a18af1b37d3a2967c033d19b74049cda7ca07e9fdca487d0759N.exe
    • Size: 592KB
    • MD5: b36e8f37586f09309a9818e29b410588
    • SHA1: 8a91bf85320c5451166b0b1a2afbc325d059fdb2
    • SHA256: c2afe7bdbc33af4995fa39f904a1dcb647b3e66423786d193149ab7ef8ceb233
    • SHA512: 1e44d4026fe1685a36c82038343cb90a90da636ccf85dbc51f72cf26aec9ae4aec6c3887ddf5d6504c79d90c98dfd8c93623e6b5e3219137971240c479704455
    • SSDEEP: 6144:ANax8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrloBNTNxaaqk9a50:l87g7/VycgE81lgxaa79y0

    Behaviour signatures:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks