General

  • Target

    TrojanDownloader.Win32.Berbew.pz-aa7e0d18724b907ba98df6fe73dfca77d156f2f741a81b46ffda3ce400bdc2b2N

  • Size

    217KB

  • Sample

    240916-nljjzsvepm

  • MD5

    a5c659b2dc7957ca28d3646f485f0b60

  • SHA1

    32b3d0415f60d4ae092033ab5c311d52f7dd029e

  • SHA256

    aa7e0d18724b907ba98df6fe73dfca77d156f2f741a81b46ffda3ce400bdc2b2

  • SHA512

    0e4f834c44002bcb5c19ad2a033ada3f9937ae60085704689df29298df5bc4008731913a458fcbfdb62baefda65b774b310e63cad66457c16f6688615fe56680

  • SSDEEP

    3072:cKzkzVaGvVMobmUGfVeS5pAgYIqGvJ6887lbyMGjXF1kqaholmtbCQVD:cKoQE2oKU2VdZMGXF5ahdt3

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      TrojanDownloader.Win32.Berbew.pz-aa7e0d18724b907ba98df6fe73dfca77d156f2f741a81b46ffda3ce400bdc2b2N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks