General

  • Target: 4c199dc973327b6dbdc77152c3aeca860ab7c5ac29fc3766f4b6fdd6c78487db

  • Size: 74KB

  • Sample: 241223-z4mj5s1pft

  • MD5: 6e626e5709fe3fb8172b6e1898e63202

  • SHA1: b88c239a89233d5aaaad528837939840a529ce64

  • SHA256: 4c199dc973327b6dbdc77152c3aeca860ab7c5ac29fc3766f4b6fdd6c78487db

  • SHA512: 3d175191dc284a14f11bf0e30cfefae539844225cba4f7420ed518328b2fc9701ccd9d771defa5567d83104dea8f6f9a0a77e40ffd6d91bef6f1b89b51d46c2d

  • SSDEEP: 1536:rMONsyCwxS9/e1CguENvUdmDSJ7IVM8HbIJ1KmRQkORcRes3cO57OWH:YbyCNauaMmSiV/OpeRW19H

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 4c199dc973327b6dbdc77152c3aeca860ab7c5ac29fc3766f4b6fdd6c78487db

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks