General

  • Target: 0b4cb4be034c3651efd025df7a453a221a44fbd8c52e2b7341706f3f6cca0613
  • Size: 95KB
  • Sample: 241224-x6qy8svmbt
  • MD5: c3f41d548bcab735762f8d8c2c148da6
  • SHA1: 58910ed5ec030d72dd0524b7b47499581033c827
  • SHA256: 0b4cb4be034c3651efd025df7a453a221a44fbd8c52e2b7341706f3f6cca0613
  • SHA512: ea9efce11629e0d24fc21be081ee93a4477f584694860c66aff36dd806ed4d1f402fbb377a8fe940f9cc2416b77c57ea2ca63d2e9f2dbba03c7a74fcdf848c7b
  • SSDEEP: 1536:0ZUX7ggeo+x2Dus0CMo1GRXn3A5g5gh0Zqf+bx7eIBtHRQrIRVRoRch1dROrwpOH:0uX7TYxYHNeR3k9aRbxnekTWM1dQrTOE

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
