General

  • Target

    Backdoor.Win32.Berbew.pz-45fb7672c286d8cd1b4a61c327d59939de8195c00639aa49e6910455796c5b32N

  • Size

    96KB

  • Sample

    240916-nkdbksvdna

  • MD5

    be32edd3c58d49f4e42aeee9430c0510

  • SHA1

    2a9a57c7b452f3c91622d47140899830f560ad0d

  • SHA256

    45fb7672c286d8cd1b4a61c327d59939de8195c00639aa49e6910455796c5b32

  • SHA512

    650922c428cabc5d904670f8c441c4516cd6c453d039277643f77218033c2521fc2bdf12afe7b7c5eb8ddedd8ff0c4d5836145c5a4702bc044be984645a8ba29

  • SSDEEP

    1536:IzNwXf5sTzhXNS1kp4RWRxp54ybZrqOeKuARU19Eh2tC74S7V+5pUMv84WMRw8DO:GDXNS12M4xPBblqOuEhiK4Sp+7H7wWkb

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
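The third C2 path is a printf-style template: the sample fills the %s/%i/%09u/%02d slots at runtime (host identifier, numeric status fields and a timestamp, judging by the %02d:%02d:%02d tail), so the URL seen on the wire never equals the string above. The following is an added example, not tooling from the sandbox or code from the sample, that compiles each extracted path into an anchored regex (one capture group per specifier) and runs it over constructed proxy log lines. The extracted config records the host only as "f", so the detection keys on path and query shape and ignores the host; the 198.51.100.7 address and the field values in the sample log are made up for the demonstration, not indicators from this report.

```python
"""Turn the C2 URL patterns extracted from this Berbew sample into proxy-log
detections.  Added example for this page; not the sandbox's tooling and not
code from the sample."""
import re
from urllib.parse import urlsplit

# C2 paths exactly as they appear in the extracted config.  The host is recorded
# there as "f", so the detection keys on path and query shape only.
C2_PATHS = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_SPEC = re.compile(r"%(\d*)([sidu])")  # the printf specifiers used in the config


def format_to_regex(fmt):
    """Compile a printf-style path into an anchored regex with one named group
    per specifier: %s -> token up to the next ':' separator, %NNd/%NNu -> at
    least NN digits (zero padding never shortens a field), %i/%d -> integer."""
    out, pos = ["^"], 0
    for n, m in enumerate(_SPEC.finditer(fmt)):
        out.append(re.escape(fmt[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        if conv == "s":
            piece = r"[^:\s]+"
        elif width:
            piece = r"\d{%d,}" % int(width)
        else:
            piece = r"-?\d+"
        out.append("(?P<f%d>%s)" % (n, piece))
        pos = m.end()
    out.append(re.escape(fmt[pos:]) + "$")
    return re.compile("".join(out))


DETECTIONS = [(p, format_to_regex(p)) for p in C2_PATHS]


def classify_url(url):
    """Return (pattern, fields) when the URL's path+query matches one of the
    extracted C2 patterns, else None.  fields are the specifier values in order."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    for fmt, rx in DETECTIONS:
        m = rx.match(target)
        if m:
            return fmt, [m.group("f%d" % i) for i in range(len(m.groupdict()))]
    return None


def scan_log(lines):
    """Scan log lines in any layout that carries a full URL; return the hits."""
    url_rx = re.compile(r"https?://\S+")
    hits = []
    for lineno, line in enumerate(lines, 1):
        for url in url_rx.findall(line):
            hit = classify_url(url)
            if hit:
                hits.append({"line": lineno, "url": url,
                             "pattern": hit[0], "fields": hit[1]})
    return hits


# Constructed sample log in a Squid-like layout.  198.51.100.7 is a documentation
# address and the beacon field values are invented; neither comes from the report.
SAMPLE_LOG = [
    "1726492800.101 192.168.10.44 TCP_MISS/200 GET http://198.51.100.7/index.php?x=1",
    "1726492801.412 192.168.10.44 TCP_MISS/200 GET http://198.51.100.7/wcmd.htm",
    "1726492802.733 192.168.10.44 TCP_MISS/200 GET http://198.51.100.7/wcmd.html",
    "1726492803.005 192.168.10.44 TCP_MISS/200 GET "
    "http://198.51.100.7/piplog.php?PC-01:1:0:winxp:000000042:5:09:16:14",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(h["line"], h["pattern"], h["fields"])
```

The regexes are anchored at both ends, so /wcmd.html and a /piplog.php request whose %09u field is shorter than nine digits are not reported; loosen the anchors only if you have evidence of a variant with a different query layout.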

Targets

    • Target

      Backdoor.Win32.Berbew.pz-45fb7672c286d8cd1b4a61c327d59939de8195c00639aa49e6910455796c5b32N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks