General

  • Target: 02107d91fb617cc5c9326828dd9fb97c92344a099192db623d65fe88c9cf91bdN.exe
  • Size: 552KB
  • Sample: 250127-sbfskavjgl
  • MD5: efbfb56867805b41328abfc23ed236c0
  • SHA1: b4fccbe03a8929318f27556c0877470697ca79cf
  • SHA256: 02107d91fb617cc5c9326828dd9fb97c92344a099192db623d65fe88c9cf91bd
  • SHA512: ef959cef99bded22826a4ff92e912713f8290a3986b70ef365bb7e6c97bff0eb7032dff65ec32defa19071d992d77aada219870a7793be241d1027365062a6d6
  • SSDEEP: 6144:sKq3W8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrloBNTNxaaqvt:sKqG87g7/VycgE81lgxaa8t

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      02107d91fb617cc5c9326828dd9fb97c92344a099192db623d65fe88c9cf91bdN.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15