General

  • Target

    9610b926f19b7fe1efe88c3d975bc6f9114bf8c19a19b175b001336c2764e7b3

  • Size

    470KB

  • Sample

    241209-bhp65sxjhy

  • MD5

    df5dc344cc4f120912f208f4d0236d31

  • SHA1

    f9c4893c7435c8f6c8bdb7eca37f381022ff62f2

  • SHA256

    9610b926f19b7fe1efe88c3d975bc6f9114bf8c19a19b175b001336c2764e7b3

  • SHA512

    d2677ca1a8576927d5099555f69e99af44642ec9c1ef8cdd961003af1956b7cac4f9cef734e1e4d8a7600050ce64446dbe2c6da248aef1bff499a0adee81eb1c

  • SSDEEP

    12288:vJv/Qc8QVj94nLiFzN3b7CUq1u2ztB1XQKTQInqyS6Rm6TIJ3l7DurTG9c8QVj94:J4K

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9610b926f19b7fe1efe88c3d975bc6f9114bf8c19a19b175b001336c2764e7b3

    • Size

      470KB

    • MD5

      df5dc344cc4f120912f208f4d0236d31

    • SHA1

      f9c4893c7435c8f6c8bdb7eca37f381022ff62f2

    • SHA256

      9610b926f19b7fe1efe88c3d975bc6f9114bf8c19a19b175b001336c2764e7b3

    • SHA512

      d2677ca1a8576927d5099555f69e99af44642ec9c1ef8cdd961003af1956b7cac4f9cef734e1e4d8a7600050ce64446dbe2c6da248aef1bff499a0adee81eb1c

    • SSDEEP

      12288:vJv/Qc8QVj94nLiFzN3b7CUq1u2ztB1XQKTQInqyS6Rm6TIJ3l7DurTG9c8QVj94:J4K

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks