General

  • Target

    7357eebea3523b0695f9e8879d29f5ee4d56f9fe9e2ad6966adfe1c87b3c0405N

  • Size

    128KB

  • Sample

    241113-krtqcsyema

  • MD5

    bdf956e52f825e0934912bed17fea5e0

  • SHA1

    66bef76d1f28d9d233d838d8b4bd7e776b2d6433

  • SHA256

    7357eebea3523b0695f9e8879d29f5ee4d56f9fe9e2ad6966adfe1c87b3c0405

  • SHA512

    2cdb74ec62a73f01e5c3446e4a5dbd7545b46891437e13a87ddd6d91d561b956509d2fa1cb9527032460fbcb9743b88a7f7b4f86b99e5563e2758d8a58f91aa0

  • SSDEEP

    3072:NVoC31Vrd/UM+ReRlj9pui6yYPaI7DehizrVtN:nV1Vrd/rxpui6yYPaIGc

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7357eebea3523b0695f9e8879d29f5ee4d56f9fe9e2ad6966adfe1c87b3c0405N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
