General

  • Target: 99f6f54e700e30b2191de7b6fae63e5c6547aed24019c575b0bb9000285c0a38N.exe
  • Size: 397KB
  • Sample: 241113-jsyv2axkfx
  • MD5: fc0276463d3e13854f60f486fb448110
  • SHA1: 03bdca4cb41c27fc275f6b1d2a1904fe63513db7
  • SHA256: 99f6f54e700e30b2191de7b6fae63e5c6547aed24019c575b0bb9000285c0a38
  • SHA512: 9c088e104a65097da7b2302c2f71eeaf2ce009a92238fe69a41f14da202d7acda4d712b890a672d3f81a00d62a86b85349e46c8f4c7baaec9c63ebb969acefde
  • SSDEEP: 6144:cViWi9pfKmYFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:ckWi/gFB24lwR45FB24lzx1skz15L

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 99f6f54e700e30b2191de7b6fae63e5c6547aed24019c575b0bb9000285c0a38N.exe
    • Size: 397KB
    • MD5: fc0276463d3e13854f60f486fb448110
    • SHA1: 03bdca4cb41c27fc275f6b1d2a1904fe63513db7
    • SHA256: 99f6f54e700e30b2191de7b6fae63e5c6547aed24019c575b0bb9000285c0a38
    • SHA512: 9c088e104a65097da7b2302c2f71eeaf2ce009a92238fe69a41f14da202d7acda4d712b890a672d3f81a00d62a86b85349e46c8f4c7baaec9c63ebb969acefde
    • SSDEEP: 6144:cViWi9pfKmYFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:ckWi/gFB24lwR45FB24lzx1skz15L

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks