General

  • Target

    3163b415b4552c08f3dfb8cdd479e5ffc1f4d678935192187686b4026b0012d8N.exe

  • Size

    411KB

  • Sample

    241112-q83x9atgnp

  • MD5

    e74b2b860a0af4a3592ac2dc02e13470

  • SHA1

    3c63f54f8a98e09c5b57b87aac903c43dbcaacda

  • SHA256

    3163b415b4552c08f3dfb8cdd479e5ffc1f4d678935192187686b4026b0012d8

  • SHA512

    f165f6f4e0592927ce002808271862a8e364584836b5d0f0fcc331bd440ababb32f3184664c72d076f0cf8b765028a7b8957a0275bd2c67659ea44b97a393bb6

  • SSDEEP

    6144:V9d8VehzXjOYpui6yYPaIGckpyWO63t5YNpui6yYP:TdkCzXjOYpV6yYPI3cpV6yYP

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks