General

  • Target

    Backdoor.Win32.Berbew.pz-4b92560b6d5877ee12d4925539ab5f0b966bae2ec2d0b28bc8870f271372d871N

  • Size

    96KB

  • Sample

    240916-nmg3jsvfkk

  • MD5

    f040140c2a90624fe9a524c91e03dc50

  • SHA1

    fdcf62148b004d34b669eddcf17b636ea5e401ae

  • SHA256

    4b92560b6d5877ee12d4925539ab5f0b966bae2ec2d0b28bc8870f271372d871

  • SHA512

    729e93c48a27a2eeed9ddde2c2ad3ddc014c92c0a3beb2f19730beb64e19be870b0b668575891a284ba0295841c5b47496e20b978dc34f80eb66a19b79d6ee81

  • SSDEEP

    1536:nHMjbWnXjtu2WO8u/EUDszYr3GFRvlz8EJYWl4PE9x10pA1Ds2tR374S7V+5pUMa:sjba58ubASkjwtIf0pcsiB4Sp+7H7wWO

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Berbew.pz-4b92560b6d5877ee12d4925539ab5f0b966bae2ec2d0b28bc8870f271372d871N

    • Size

      96KB

    • MD5

      f040140c2a90624fe9a524c91e03dc50

    • SHA1

      fdcf62148b004d34b669eddcf17b636ea5e401ae

    • SHA256

      4b92560b6d5877ee12d4925539ab5f0b966bae2ec2d0b28bc8870f271372d871

    • SHA512

      729e93c48a27a2eeed9ddde2c2ad3ddc014c92c0a3beb2f19730beb64e19be870b0b668575891a284ba0295841c5b47496e20b978dc34f80eb66a19b79d6ee81

    • SSDEEP

      1536:nHMjbWnXjtu2WO8u/EUDszYr3GFRvlz8EJYWl4PE9x10pA1Ds2tR374S7V+5pUMa:sjba58ubASkjwtIf0pcsiB4Sp+7H7wWO

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks