General

  • Target: cd977f18abf3f6b216a6193ec7035c0fe0e4abb7dac2736fbaab02e91515007aN.exe
  • Size: 79KB
  • Sample: 241113-xds8wswqct
  • MD5: 488438e489cd3eb38326c418babae600
  • SHA1: d98edecaa422e5745980939175152b1a1c1a328e
  • SHA256: cd977f18abf3f6b216a6193ec7035c0fe0e4abb7dac2736fbaab02e91515007a
  • SHA512: b2c45d81b639daa19f83146d7097462cc86d42fd4279658ee0b905dd22f4258aec422156a54bf8607b8e6e2cb673ee9982e475f9d8570e283cd83a5017c3454e
  • SSDEEP: 1536:M3U3JUW8pVqyNKqQBHd8BhzUl7MQ70mqW3JIBRQIRbRUs3cO57OWxXPu4i:kVNKqQB98B+l4QY63JieIlj9pux

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: cd977f18abf3f6b216a6193ec7035c0fe0e4abb7dac2736fbaab02e91515007aN.exe (hashes as listed under General)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15