General

  • Target: b52aa55bb96811ab9c9180ec97526cf201449e66673748ada48c8f079b07f5ea.exe
  • Size: 322KB
  • Sample: 241113-1nsa5atjfm
  • MD5: aaa03ce193372f1cf173d0868d9e55aa
  • SHA1: 47edcc4b8fcce4bc591c44c2f4be8f8878fe1d0a
  • SHA256: b52aa55bb96811ab9c9180ec97526cf201449e66673748ada48c8f079b07f5ea
  • SHA512: 216c10396fb682026534c8b35ae0c18f6e3406ff88da497237f537edcf46296f78e69784a706569cf5a7e7b7f648f1a2ab6051216ac1814b0547aa9a1fc2f009
  • SSDEEP: 1536:wPthV6CGTyb8rA9gTbqLnSe7rTUXgve1CS1doRQCTmDhdF+PhJFTq1dlCsTx4LBB:ihViGb8k8qhiagCS1doeCSVGZ3Odl2

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://viruslist.com/wcmd.txt
      http://viruslist.com/ppslog.php
      http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks