General

  • Target

    ebd9c281468264635ddad317111dfd9a43f8681094218bdeabf2236d7f3b185cN.exe

  • Size

    87KB

  • Sample

    241112-qy9m2ssnht

  • MD5

    de555342355aa3123d8c97d7a9cc2706

  • SHA1

    add107724ffeb1080f467e4a46bf0aab433d858b

  • SHA256

    acaf545572c0018c632ab83ae707a4c2ab05c7efca8b91991bf6382d2d622f5d

  • SHA512

    ad6c43d1a97fe4efee5c862c0234bf293c4813167827941792b58c9639368efeaf272076997bd39db114967720ee5cacb9ab071b4a38f08cfda1ba8d6b217f43

  • SSDEEP

    1536:xuNPU1Jj9L+1oCJpGUH7L5LL111YR/OKgQ/dRQ4ORSRBDNrR0RVe7R6R8RPD2za:wRWjJEdpDKObQVeXAnDlmbGcGFDea

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks