General

  • Target

    Backdoor.Win32.Berbew.pz-1df2cfdfa827c84a4bfac9fda6e88ea590f8800b608d26e2edaae4a0f411910fN

  • Size

    206KB

  • Sample

    240916-rxlp9ssgkq

  • MD5

    040432043417abea0a0b2e7afc55c4e0

  • SHA1

    e1b21881aad94fb4d73b8197a4ab41b2a96e4939

  • SHA256

    1df2cfdfa827c84a4bfac9fda6e88ea590f8800b608d26e2edaae4a0f411910f

  • SHA512

    bc573e33e6b4934368cc345594793cc24219465d4f823c12ab0dff1226e159ad890129627a2d568f77ca030db425dd1f27f3d7441e44c25f0f8f853e29408d83

  • SSDEEP

    3072:E83Phf4wVCD5OmRCMyELiAHONdSVgtRQ2c+tlB5xpWJLM77OkemANaze:E83PhgYmRbBuqV+tbFOLM77OLjUze

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Berbew.pz-1df2cfdfa827c84a4bfac9fda6e88ea590f8800b608d26e2edaae4a0f411910fN

    • Size

      206KB

    • MD5

      040432043417abea0a0b2e7afc55c4e0

    • SHA1

      e1b21881aad94fb4d73b8197a4ab41b2a96e4939

    • SHA256

      1df2cfdfa827c84a4bfac9fda6e88ea590f8800b608d26e2edaae4a0f411910f

    • SHA512

      bc573e33e6b4934368cc345594793cc24219465d4f823c12ab0dff1226e159ad890129627a2d568f77ca030db425dd1f27f3d7441e44c25f0f8f853e29408d83

    • SSDEEP

      3072:E83Phf4wVCD5OmRCMyELiAHONdSVgtRQ2c+tlB5xpWJLM77OkemANaze:E83PhgYmRbBuqV+tbFOLM77OLjUze

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks