General

  • Target

    c9e037c50f6c644f1221c69b35647d0012e09bead739a7172328e7d37d291a73

  • Size

    79KB

  • Sample

    241208-dlbt2ayrcs

  • MD5

    eda86f72c04043e0933464dd4b8589e0

  • SHA1

    c68c15079e9ce58ed8ba347634444d3ecbb98d45

  • SHA256

    c9e037c50f6c644f1221c69b35647d0012e09bead739a7172328e7d37d291a73

  • SHA512

    ad493f0c28687132cb8a5f604d0ec7b2e59c2dd33110eccaf3e564661339ccd5e08e1f090bdf3c6fc42272df391187b72916303a3403d6c6814e5cd3d3fda183

  • SSDEEP

    1536:YX2yYn2xkX+jkkqHlP+d7VnlZMrpgotbGJukR7YJfbj7RQLERbRUs3cO57OWxXPh:YX2p2xk0d7VjMSoy1Wv7eLElj9puE

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c9e037c50f6c644f1221c69b35647d0012e09bead739a7172328e7d37d291a73

    • Size

      79KB

    • MD5

      eda86f72c04043e0933464dd4b8589e0

    • SHA1

      c68c15079e9ce58ed8ba347634444d3ecbb98d45

    • SHA256

      c9e037c50f6c644f1221c69b35647d0012e09bead739a7172328e7d37d291a73

    • SHA512

      ad493f0c28687132cb8a5f604d0ec7b2e59c2dd33110eccaf3e564661339ccd5e08e1f090bdf3c6fc42272df391187b72916303a3403d6c6814e5cd3d3fda183

    • SSDEEP

      1536:YX2yYn2xkX+jkkqHlP+d7VnlZMrpgotbGJukR7YJfbj7RQLERbRUs3cO57OWxXPh:YX2p2xk0d7VjMSoy1Wv7eLElj9puE

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
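The hashes in General/Targets and the three C2 URLs under Malware Config are the indicators this report gives a responder. The following Python is an added example, not part of the report or of the Berbew sample, showing how to use them: it turns the printf-style template in the piplog.php URL into a regex, scans constructed proxy-log lines against the three C2 URLs, and checks a file's digests against the reported hashes. The log line format, the sample log lines and the helper names (format_to_regex, match_c2, scan_proxy_log, digests, matches_report) are assumptions made for the example.

```python
import hashlib
import re

# Indicators copied from the report above (target hashes and extracted C2 URLs).
REPORT_HASHES = {
    "md5": "eda86f72c04043e0933464dd4b8589e0",
    "sha1": "c68c15079e9ce58ed8ba347634444d3ecbb98d45",
    "sha256": "c9e037c50f6c644f1221c69b35647d0012e09bead739a7172328e7d37d291a73",
    "sha512": "ad493f0c28687132cb8a5f604d0ec7b2e59c2dd33110eccaf3e564661339ccd5e"
              "08e1f090bdf3c6fc42272df391187b72916303a3403d6c6814e5cd3d3fda183",
}
C2_URLS = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion specifier: flags, minimum width, precision, conversion.
_CONV = re.compile(r"%(?P<flags>[-+ #0]*)(?P<width>\d+)?(?:\.\d+)?(?P<conv>[sdiuxX])")


def _conv_to_regex(m):
    """Translate one conversion into the set of strings printf could emit for it."""
    conv, width, flags = m.group("conv"), m.group("width"), m.group("flags")
    if conv == "s":
        return r"[^:&\s]*"  # the beacon uses ':' as its field separator
    digits = r"[0-9a-fA-F]" if conv in "xX" else r"\d"
    # A zero-padded width is only a lower bound: printf widens for larger values.
    count = f"{{{width},}}" if width and "0" in flags else "+"
    sign = r"-?" if conv in "di" else ""
    return sign + digits + count


def format_to_regex(fmt):
    """Turn a C format string into a regex: literal text escaped, %-conversions expanded."""
    out, pos = [], 0
    for m in _CONV.finditer(fmt):
        out.append(re.escape(fmt[pos:m.start()]))
        out.append(_conv_to_regex(m))
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return "".join(out)


C2_PATTERNS = [(url, re.compile(format_to_regex(url))) for url in C2_URLS]


def match_c2(url):
    """Return the C2 template (from the report) that the URL instantiates, or None."""
    for template, pattern in C2_PATTERNS:
        if pattern.fullmatch(url):
            return template
    return None


def scan_proxy_log(lines):
    """Return (client, url, template) for each request to a known C2 URL.

    Assumed log format: '<timestamp> <client> <method> <url> <status>'.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        template = match_c2(url)
        if template is not None:
            hits.append((client, url, template))
    return hits


def digests(data):
    """Compute the four digests the report lists, so a file can be checked against it."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    return digests(data) == REPORT_HASHES


# Constructed proxy log lines (not from the report): a command fetch, a piplog beacon,
# an unrelated request to the same host, a ppslog post, and a look-alike path elsewhere.
SAMPLE_LOG = [
    "2024-12-08T10:00:01Z 10.0.0.5 GET http://viruslist.com/wcmd.txt 200",
    "2024-12-08T10:00:02Z 10.0.0.5 GET http://viruslist.com/piplog.php?WS-7:1:2:10.0.0.5:000012345:6:08:12:34 200",
    "2024-12-08T10:00:03Z 10.0.0.9 GET http://viruslist.com/index.html 200",
    "2024-12-08T10:00:04Z 10.0.0.5 POST http://viruslist.com/ppslog.php 200",
    "2024-12-08T10:00:05Z 10.0.0.9 GET http://example.com/piplog.php?a:1:2:b:000000001:1:01:02:03 200",
]

if __name__ == "__main__":
    for client, url, template in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {url}  (matches {template})")
    print("empty input matches report:", matches_report(b""))
```

Matching on the full path and query, rather than on the host alone, is what keeps the unrelated request to the same host out of the hits; the zero-padded widths (%09u, %02d) are treated as minimum digit counts because printf widens the field for values that do not fit.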

MITRE ATT&CK Enterprise v15

Tasks