General

  • Target

    92fcf454e3f83a9447b1bae433eadcd64162d8e1fce12068aaf325f855768f7d

  • Size

    89KB

  • Sample

    241223-3lsvzsvnbt

  • MD5

    641eb347b0c0692663c6892f72fc0a88

  • SHA1

    97a7efe336e0f21ac2f853d9fc2af4dbb9f9acde

  • SHA256

    92fcf454e3f83a9447b1bae433eadcd64162d8e1fce12068aaf325f855768f7d

  • SHA512

    0f551ffd1fdbd743930d5e736ac1e12ccf858a866f1b6a758d0fd17c0915da4008e48201110442aa3cf2e00f14f468cc318c7a533b3d21f14c9d4894c23c0220

  • SSDEEP

    1536:Et4+gxtvFtIweogHhSXYIFb73QHYpG6aJ1BnGRQZaD68a+VMKKTRVGFtUhQfR1Wy:EtmxIHhSIIFX3QHMGeetr4MKy3G7UEq+

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
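The extracted config above gives three C2 URLs, one of them still carrying the printf-style format string the implant fills in at beacon time. The following Python is an added example, not part of the sandbox report or of the malware: it turns the C2 list into a host/path index, compiles the `piplog.php` query template into a regex (so a beacon with filled-in values is matched on the field layout rather than on the host alone), scans proxy log lines for hits, and checks a file's digests against the hashes reported for the sample. The proxy log lines are constructed for the demonstration; the `<ts> <client> <method> <url> <status>` field order and the `c2-path` / `c2-beacon` verdict names are assumptions of this example.

```python
"""Hunting helpers derived from the extracted Berbew config above.
Added example; not part of the sandbox report or the malware itself."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "641eb347b0c0692663c6892f72fc0a88",
    "sha1": "97a7efe336e0f21ac2f853d9fc2af4dbb9f9acde",
    "sha256": "92fcf454e3f83a9447b1bae433eadcd64162d8e1fce12068aaf325f855768f7d",
}
C2_URLS = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_SPEC = re.compile(r"%(0?)(\d*)([sidu])")


def printf_template_to_regex(template):
    """Compile a printf-style query template into an anchored regex.
    %s -> any run without ':' (the field separator used in this template),
    %i/%d -> signed integer, %u -> unsigned; a width such as %09u or %02d
    becomes a minimum digit count, since printf pads but never truncates."""
    pieces, pos = [], 0
    for m in _SPEC.finditer(template):
        pieces.append(re.escape(template[pos:m.start()]))
        _zero, width, conv = m.groups()
        w = max(int(width or 0), 1)
        if conv == "s":
            pieces.append(r"[^:]*")
        elif conv == "u":
            pieces.append(r"\d{%d,}" % w)
        else:
            pieces.append(r"-?\d{%d,}" % w)
        pos = m.end()
    pieces.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


def c2_index(urls):
    """Map host -> {path -> compiled query regex or None} for the C2 list."""
    index = {}
    for u in urls:
        p = urlsplit(u)
        rx = printf_template_to_regex(p.query) if p.query else None
        index.setdefault(p.hostname.lower(), {})[p.path] = rx
    return index


C2_INDEX = c2_index(C2_URLS)


def classify_url(url):
    """Return None, 'c2-path' or 'c2-beacon' for a requested URL (assumed verdict names)."""
    p = urlsplit(url)
    paths = C2_INDEX.get((p.hostname or "").lower())
    if paths is None or p.path not in paths:
        return None
    rx = paths[p.path]
    if rx is not None and rx.match(p.query):
        return "c2-beacon"      # query matches the config's format string
    return "c2-path"            # right host and path, query does not fit the template


def scan_proxy_log(lines):
    """Scan whitespace-separated proxy lines '<ts> <client> <method> <url> <status>'
    (assumed layout). Returns (line_number, client, url, verdict) for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        verdict = classify_url(fields[3])
        if verdict:
            hits.append((n, fields[1], fields[3], verdict))
    return hits


def match_sample(data):
    """Return the set of digest names under which `data` equals the reported sample."""
    return {name for name, expected in SAMPLE_HASHES.items()
            if hashlib.new(name, data).hexdigest() == expected}


# Constructed proxy log lines for the demonstration (not from the report).
SAMPLE_LOG = [
    "2024-12-23T03:41:12Z 10.0.0.5 GET http://viruslist.com/wcmd.txt 200",
    "2024-12-23T03:41:13Z 10.0.0.5 GET http://viruslist.com/piplog.php?HOST-7:1:0:bob:000012345:2:12:23:03 200",
    "2024-12-23T03:42:00Z 10.0.0.9 GET http://www.example.com/index.html 200",
    "2024-12-23T03:42:01Z 10.0.0.5 GET http://viruslist.com/piplog.php?foo=bar 404",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

The template regex treats a width such as `%09u` as a minimum digit count rather than an exact one, because printf pads short values but never truncates long ones; a `%s` field is matched up to the next `:` since that is the separator the config uses between fields. Host and path alone are worth an alert on their own; the template match is what separates an actual beacon from an unrelated request to the same path.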

Targets

    • Target

      92fcf454e3f83a9447b1bae433eadcd64162d8e1fce12068aaf325f855768f7d

    • Size

      89KB

    • MD5

      641eb347b0c0692663c6892f72fc0a88

    • SHA1

      97a7efe336e0f21ac2f853d9fc2af4dbb9f9acde

    • SHA256

      92fcf454e3f83a9447b1bae433eadcd64162d8e1fce12068aaf325f855768f7d

    • SHA512

      0f551ffd1fdbd743930d5e736ac1e12ccf858a866f1b6a758d0fd17c0915da4008e48201110442aa3cf2e00f14f468cc318c7a533b3d21f14c9d4894c23c0220

    • SSDEEP

      1536:Et4+gxtvFtIweogHhSXYIFb73QHYpG6aJ1BnGRQZaD68a+VMKKTRVGFtUhQfR1Wy:EtmxIHhSIIFX3QHMGeetr4MKy3G7UEq+

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks