General

  • Target

    Backdoor.Win32.Berbew.pz-38122550fdcaa2f727f72c1f0cb471309d854faf1cc926ba0412cb03aacf211aN

  • Size

    96KB

  • Sample

    240916-sbaljsteng

  • MD5

    3e38bc20ad09ab4d87a75d2dc51367f0

  • SHA1

    252348a2fc94ded76c141a8ac123d896fe512285

  • SHA256

    38122550fdcaa2f727f72c1f0cb471309d854faf1cc926ba0412cb03aacf211a

  • SHA512

    dc4bf868f13201945024cca45aed2d055d43632fc6c220aabf5766918922067d32d6e3dce8bc08b671e604577f5072ea3282645171a2cfacf81fc25754e7b451

  • SSDEEP

    1536:RaAPV8o5Ux8KexshxOWsoz/XG2Zez0NJ7hAIo9TcGq2tQ74S7V+5pUMv84WMRw8C:RBPV8V2Kex2xjs6/XGm40NJ7L7Li44SN

Malware Config

Extracted

Family: berbew

C2:

http://f/wcmd.htm
http://f/ppslog.php
http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks