General

  • Target

    49161c68064449a51be81b9c04c48eb2d8dc8e3b12ac9394f29fefcadff4353d

  • Size

    111KB

  • Sample

    241113-1pvgwazeng

  • MD5

    58a37e7ef21f08b45200018141f87698

  • SHA1

    42029a32f1e930ce8fc0653a3d29d763393d66bc

  • SHA256

    49161c68064449a51be81b9c04c48eb2d8dc8e3b12ac9394f29fefcadff4353d

  • SHA512

    51c0727c48f49dba5bcc17900edf0a70d6a35839194e7fd5cdd40b007db2b29ed7b4e7ba5c7eb925a242c2c7c2d75178aa470e57f5aa850f3c0aafc5b1b8a34e

  • SSDEEP

    3072:vhC6sY7bCiJB2leeXw0v0wnJcefSXQHPTTAkvB5Dd3:ZVsObCiJB41ZtnJfKXqPTX7Dx

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks