General

  • Target

    992b9c9993b555e8340312866ab1875b6f732feb06544e4bdfd56d626e2d24f8N.exe

  • Size

    128KB

  • Sample

    241112-rpz8pavbkh

  • MD5

    ffc6eb1d26e4af0dcbfa5ad356d59dc0

  • SHA1

    cc5610831d757925ccef1ed9cfb2d622e68cc882

  • SHA256

    992b9c9993b555e8340312866ab1875b6f732feb06544e4bdfd56d626e2d24f8

  • SHA512

    f9964828c457ee8657f2d6ceb90f500ea349cf97a099aaf4dbf15bc180e05913d3019eb0edcb1d14c108b0286522d1e60e70a5917d3f36c7f1100df1479be69b

  • SSDEEP

    1536:tAWEIfZ8Kz0hmEmt8PyCMOqo0t873yB/454arYpA1gPwlCRQDGRfRa9HprmRfRJ:tABIhBYAZtZOqQyZlzYseDG5wkpHxG

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
