General

  • Target

    01d206168ee687f2d300e96b10c44de82ce9b1a47773bf8cbbe2886fa0637847

  • Size

    105KB

  • Sample

    241224-xrqd6atrfx

  • MD5

    d59f46201f90d789f6559ccc1335e1c2

  • SHA1

    3687ab4af8e1e5c5e3db665dbe27136466058f3d

  • SHA256

    01d206168ee687f2d300e96b10c44de82ce9b1a47773bf8cbbe2886fa0637847

  • SHA512

    52d6f9aae837cccc36f0b96f024098084399c8c49d9391e1fcf4d0216139090f5fbf9c9d676d8913f7a7fc3dc8921dfb0f93cd3428d1cc6b5f350966c47ba9fa

  • SSDEEP

    3072:chowP+Kiqza7XlFfV6L1ke2Zl2NkzwH5GJks8WYlOWeE:cXsHFf4x/o9zwZ9s8Sm

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      01d206168ee687f2d300e96b10c44de82ce9b1a47773bf8cbbe2886fa0637847

    • Size

      105KB

    • MD5

      d59f46201f90d789f6559ccc1335e1c2

    • SHA1

      3687ab4af8e1e5c5e3db665dbe27136466058f3d

    • SHA256

      01d206168ee687f2d300e96b10c44de82ce9b1a47773bf8cbbe2886fa0637847

    • SHA512

      52d6f9aae837cccc36f0b96f024098084399c8c49d9391e1fcf4d0216139090f5fbf9c9d676d8913f7a7fc3dc8921dfb0f93cd3428d1cc6b5f350966c47ba9fa

    • SSDEEP

      3072:chowP+Kiqza7XlFfV6L1ke2Zl2NkzwH5GJks8WYlOWeE:cXsHFf4x/o9zwZ9s8Sm

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15