General

  • Target

    1a1e96dc49adabd42934bab7b96d94ca2ee172f52915f07fed23b00e991dd612.exe

  • Size

    128KB

  • Sample

    241113-xdzqnsxenm

  • MD5

    0698424fbcc384c72eb49b772589fb3a

  • SHA1

    222895f0313fed591ab212ce661b7a5e0930d75f

  • SHA256

    1a1e96dc49adabd42934bab7b96d94ca2ee172f52915f07fed23b00e991dd612

  • SHA512

    9d73011576cfb2c2a58c02138d664a501f018fc1b19a7de8ab0b1b2fadfe5d8ed25215a2497faf4e421559fe276e3258934c9dc3a193d19c4288dfd570f5b02c

  • SSDEEP

    3072:0S7PJ46EhN11AJ9P6BGtHeqw0v0wnJcefSXQHPTTAkvB5DdcgFM9o:1rJY14P6BGQwtnJfKXqPTX7D7FMC

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1a1e96dc49adabd42934bab7b96d94ca2ee172f52915f07fed23b00e991dd612.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks