General

  • Target

    80889d59b92c0cfb8554443ccd6f5cec5ffaf6d04a72b55bf9c099cf8c90cb3a.exe

  • Size

    89KB

  • Sample

    241113-xbqd8axcnd

  • MD5

    2a79ecadb7089fe494736a5344c00109

  • SHA1

    a4be5f5bfcde6f9af49724b18a6dc4d4a1a2595f

  • SHA256

    80889d59b92c0cfb8554443ccd6f5cec5ffaf6d04a72b55bf9c099cf8c90cb3a

  • SHA512

    9c08928ed9218656d7d65b5c32681a1865e2702d0c6e0452a5a409781c830d4be89efb863ee57a1e64019b6c1e820e5266f199c4dd3c3a2fcdd5fc4f560f54a8

  • SSDEEP

    1536:U6wDd6ytcU3TcE/yCFOD+paMGqCRQq+rj8CGyRQwR+KRFR3RzR1URJrCiuiNj5Qy:s5aU6pMGtRwrlewjb5ZXUf2iuOj22lpt

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      80889d59b92c0cfb8554443ccd6f5cec5ffaf6d04a72b55bf9c099cf8c90cb3a.exe

    • Size

      89KB

    • MD5

      2a79ecadb7089fe494736a5344c00109

    • SHA1

      a4be5f5bfcde6f9af49724b18a6dc4d4a1a2595f

    • SHA256

      80889d59b92c0cfb8554443ccd6f5cec5ffaf6d04a72b55bf9c099cf8c90cb3a

    • SHA512

      9c08928ed9218656d7d65b5c32681a1865e2702d0c6e0452a5a409781c830d4be89efb863ee57a1e64019b6c1e820e5266f199c4dd3c3a2fcdd5fc4f560f54a8

    • SSDEEP

      1536:U6wDd6ytcU3TcE/yCFOD+paMGqCRQq+rj8CGyRQwR+KRFR3RzR1URJrCiuiNj5Qy:s5aU6pMGtRwrlewjb5ZXUf2iuOj22lpt

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks