General

  • Target

    c1cc9ccc095765defd656f571b67e57a9564cfd2e911c28c1f0ca646b1c25bcc

  • Size

    97KB

  • Sample

    240919-b4rbbsvakf

  • MD5

    4c273f991bbbb5d0917e4ab5438dc586

  • SHA1

    66e25b79b57141a14520c20831438b618db51735

  • SHA256

    c1cc9ccc095765defd656f571b67e57a9564cfd2e911c28c1f0ca646b1c25bcc

  • SHA512

    21ce97f8e63eb5369abd6a03cbade523f61e2aed5a32e00e1d7be00f75264431bb6bbf1198bceba85fa4bc7fcfa542f02be64a0680db2513ef57f78711770532

  • SSDEEP

    1536:YxxDGC9XRoORxA24VY4Y37RmIZurUXaMQfG2Hq0ePpTouiG7OlkvJXeYZ6:YxxHXRoP2lLRfRjQfrjePpT4UJXeK6

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The hosts are shown exactly as extracted from the configuration. The third URL is a printf-style template (`%s`, `%i`, `%09u`, `%02d`) that the backdoor fills in at runtime, so network matching should key on the path (`/piplog.php`) rather than the literal query string.

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
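The four behaviour signatures above and the extracted C2 paths translate directly into host and network detection logic. The following is an added example (not code from the sandbox or from the Berbew family itself) that runs those checks over a constructed event stream: it matches file writes against the report's hashes, flags executables written under System32, correlates later process launches and image loads back to files the sample dropped, checks registry writes against keys that Explorer.exe loads at logon, and matches HTTP request paths against the C2 configuration. The registry key list and the dropped file names are assumptions for illustration; the report does not say which key this sample writes.

```python
"""Detection logic for the Berbew indicators in this report, run over constructed events."""
import hashlib
import re
from urllib.parse import urlparse

# Hashes of the analysed sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "4c273f991bbbb5d0917e4ab5438dc586",
    "sha1": "66e25b79b57141a14520c20831438b618db51735",
    "sha256": "c1cc9ccc095765defd656f571b67e57a9564cfd2e911c28c1f0ca646b1c25bcc",
}

# URL paths from the extracted C2 config. The host is shown as extracted in the
# report, so matching is on the path only; piplog.php carries a printf-style query.
C2_PATHS = {"/wcmd.htm", "/ppslog.php", "/piplog.php"}

# Registry locations Explorer.exe reads at logon. Assumption: the report does not
# name the exact key this sample writes, so the common Explorer-loaded keys are checked.
EXPLORER_AUTORUN_RE = re.compile(
    r"\\(ShellServiceObjectDelayLoad|Explorer\\Run|Explorer\\RunOnce|Windows\\Load)(\\|$)",
    re.IGNORECASE,
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, in the same form as the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(hashes: dict) -> bool:
    """True if any supplied digest equals the report's digest for that algorithm."""
    return any(SAMPLE_HASHES.get(alg) == val.lower() for alg, val in hashes.items() if val)


def detect(events):
    """Walk an ordered event list and return (rule, index) pairs that fire.

    Events are dicts with a "type" key (file_create, registry_set, process_create,
    image_load, http_request). Paths of files the sample writes are remembered so
    later process_create / image_load events on them can be correlated.
    """
    hits = []
    dropped = set()
    for i, ev in enumerate(events):
        t = ev["type"]
        if t == "file_create":
            path = ev["path"]
            dropped.add(path.lower())
            if ev.get("sha256", "").lower() == SAMPLE_HASHES["sha256"]:
                hits.append(("known Berbew sample written to disk", i))
            if SYSTEM32_RE.match(path) and path.lower().endswith((".exe", ".dll")):
                hits.append(("drops file in System32 directory", i))
        elif t == "registry_set" and EXPLORER_AUTORUN_RE.search(ev["key"]):
            hits.append(("adds autorun key loaded by Explorer.exe", i))
        elif t == "process_create" and ev["image"].lower() in dropped:
            hits.append(("executes dropped EXE", i))
        elif t == "image_load" and ev["image"].lower() in dropped:
            hits.append(("loads dropped DLL", i))
        elif t == "http_request" and urlparse(ev["url"]).path.lower() in C2_PATHS:
            hits.append(("Berbew C2 path", i))
    return hits


# Constructed event stream (not taken from the sandbox run); file names are made up.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Windows\System32\dropped.exe",
     "sha256": "C1CC9CCC095765DEFD656F571B67E57A9564CFD2E911C28C1F0CA646B1C25BCC"},
    {"type": "file_create", "path": r"C:\Windows\System32\helper.dll", "sha256": ""},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger"},
    {"type": "process_create", "image": r"C:\Windows\System32\dropped.exe"},
    {"type": "image_load", "image": r"C:\Windows\System32\helper.dll"},
    {"type": "http_request", "url": "http://203.0.113.5/piplog.php?a:1:2:b:000000001:0:01:02:03"},
    # benign noise that must not fire
    {"type": "registry_set", "key": r"HKCU\Software\Contoso\Settings"},
    {"type": "http_request", "url": "http://example.com/index.html"},
]

if __name__ == "__main__":
    for rule, idx in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The dropped-file correlation is what separates "Executes dropped EXE" from an ordinary process start: the rule only fires for an image that an earlier event in the same stream wrote to disk, which is also why the events must be fed in chronological order.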
