General

  • Target

    631fb672a3ba47075a32602bbfc955976eab5796f859c687edbd846760de88c6

  • Size

    96KB

  • Sample

    241223-1rlyhssmhx

  • MD5

    8c49739ab7bbf3e7c3241fc0a6107da8

  • SHA1

    4422a4973ceed3e482aeeaaabf641c6edfbee105

  • SHA256

    631fb672a3ba47075a32602bbfc955976eab5796f859c687edbd846760de88c6

  • SHA512

    31220bc8b88ce97a28b3f595f97ca4028ec2b7b516d89546047c8b9af8939b3575b25487da7d37544e677448adc2b118a104c772bc07d6a531352634164c370a

  • SSDEEP

    1536:4pa6S+3ErF/SQ7HlTdi27nukSMS/RQ+HR5R45WtqV9R2R462izMg3R7ih9:4pj3EXR8scLe+HHrtG9MW3+3l29

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      631fb672a3ba47075a32602bbfc955976eab5796f859c687edbd846760de88c6

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15