General

  • Target

    f089b33f023d3bc243a2bae12f2ed3dc87d196b845db648292b31e6f0220b2c1

  • Size

    320KB

  • Sample

    240920-3kn6eavcnq

  • MD5

    c640290c04cbd946b2e307f19becf3f8

  • SHA1

    f2269484ce77c13a8abae3dfc1d6118820b3a5cd

  • SHA256

    f089b33f023d3bc243a2bae12f2ed3dc87d196b845db648292b31e6f0220b2c1

  • SHA512

    86217c6733969771dcc3b0bc05bfecda26de6ae566c12d2565cc5e0e95a4acc3b8fc92fb03dfa4983e17d15ef03d4a528d5c15cb27c6b8899b671c08377c3bdd

  • SSDEEP

    6144:KMDGdK4A7V+tbFOLM77OLnFe3HCqxNRmJ4PavntPRD:HDGJltsNePmjvtPRD

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
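
The extracted config gives three C2 paths, and the piplog.php one carries a printf-style query template, which is enough to write a proxy-log detector. The following is an added example, not code from the report or from the Berbew family itself: it matches on path only, because the host survives in the extracted config only as the placeholder "f", and it treats a /piplog.php request whose query fits the nine-field template as a full beacon while a bare path match is reported as a weaker hit. The log layout, the sample lines, the client addresses and the beacon field values are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# C2 paths as extracted on this page. The host appears only as the
# placeholder "f" in the extracted config, so matching is on path alone.
BERBEW_PATHS = frozenset({"/wcmd.htm", "/ppslog.php", "/piplog.php"})

# The piplog.php query is a printf-style template from the extracted config:
#   %s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
# Nine colon-separated fields: string, int, int, string, nine-digit
# zero-padded unsigned, int, then three two-digit ints. The two string
# fields are assumed here to contain no colons (the template cannot say).
PIPLOG_QUERY_RE = re.compile(
    r"^[^:]*:-?\d+:-?\d+:[^:]*:\d{9}:-?\d+:\d{2}:\d{2}:\d{2}$"
)

# Constructed (hypothetical) proxy-log layout used by the sample below:
#   <timestamp> <client-ip> <method> <url> <status>
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Constructed sample lines; hosts, clients and field values are made up.
SAMPLE_LOG = """\
2024-09-20T15:32:01Z 10.0.0.15 GET http://203.0.113.7/wcmd.htm 200
2024-09-20T15:32:02Z 10.0.0.15 GET http://203.0.113.7/piplog.php?WIN-AB12:1:0:XP:000012345:2:15:32:02 200
2024-09-20T15:32:03Z 10.0.0.22 GET http://example.org/index.php?id=1 200
2024-09-20T15:32:04Z 10.0.0.15 POST http://203.0.113.7/ppslog.php 200
2024-09-20T15:32:05Z 10.0.0.31 GET http://intranet/piplog.php?junk 404
"""


def classify_url(url):
    """Return 'beacon', 'path-only' or None for one requested URL.

    'beacon': path is /piplog.php and the query fits the nine-field
    template exactly. 'path-only': only the path matched, a weaker
    indicator that still deserves a look.
    """
    parts = urlsplit(url)
    if parts.path not in BERBEW_PATHS:
        return None
    if parts.path == "/piplog.php" and PIPLOG_QUERY_RE.match(parts.query):
        return "beacon"
    return "path-only"


def split_piplog_fields(query):
    """Split a template-conformant piplog.php query into its nine fields."""
    if not PIPLOG_QUERY_RE.match(query):
        return None
    return query.split(":")


def scan_proxy_log(text):
    """Run classify_url over every parseable log line; return the hits."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, method, url, status = m.groups()
        verdict = classify_url(url)
        if verdict:
            hits.append({"time": ts, "src": src, "host": urlsplit(url).netloc,
                         "url": url, "verdict": verdict})
    return hits


def suspected_c2_hosts(hits):
    """(hosts seen with a full beacon, hosts seen with a path match only)."""
    strong = {h["host"] for h in hits if h["verdict"] == "beacon"}
    weak = {h["host"] for h in hits if h["verdict"] == "path-only"} - strong
    return strong, weak


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["src"], h["verdict"], h["url"])
    print(suspected_c2_hosts(found))
```

The path-only bucket exists because /index.php-style names are common enough that a hostname seen only with /piplog.php?junk should be triaged rather than blocked outright; a host that also produced a template-conformant beacon is the one to pivot on.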

Targets

    • Target

      f089b33f023d3bc243a2bae12f2ed3dc87d196b845db648292b31e6f0220b2c1

    • Size

      320KB

    • MD5

      c640290c04cbd946b2e307f19becf3f8

    • SHA1

      f2269484ce77c13a8abae3dfc1d6118820b3a5cd

    • SHA256

      f089b33f023d3bc243a2bae12f2ed3dc87d196b845db648292b31e6f0220b2c1

    • SHA512

      86217c6733969771dcc3b0bc05bfecda26de6ae566c12d2565cc5e0e95a4acc3b8fc92fb03dfa4983e17d15ef03d4a528d5c15cb27c6b8899b671c08377c3bdd

    • SSDEEP

      6144:KMDGdK4A7V+tbFOLM77OLnFe3HCqxNRmJ4PavntPRD:HDGJltsNePmjvtPRD

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
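
The three behaviours above (Explorer autorun key, dropped DLL loaded, file dropped in System32) chain together naturally, and a detector should correlate them rather than alert on each alone. The following is an added example, not code from the report or from the sample: it walks Sysmon-style events (11 FileCreate, 13 RegistryValueSet, 7 ImageLoad) and raises a combined alert when a value under an Explorer-loaded autorun key resolves, via a CLSID's InProcServer32, to a DLL that was just written to System32. The page names the behaviour but not the key; the key set here (ShellServiceObjectDelayLoad, ShellExecuteHooks, SharedTaskScheduler, Winlogon\Shell) is my assumption about what "loaded by Explorer.exe on startup" covers, and the events, paths, process names and CLSID are constructed.

```python
import re

# Registry keys from which Explorer.exe loads COM objects or shell
# extensions at logon. Assumed here (the report names the behaviour only).
EXPLORER_AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\shellserviceobjectdelayload",
    r"software\microsoft\windows\currentversion\explorer\shellexecutehooks",
    r"software\microsoft\windows\currentversion\explorer\sharedtaskscheduler",
    r"software\microsoft\windows nt\currentversion\winlogon\shell",
)
SYSTEM32 = "c:\\windows\\system32\\"
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
INPROC_RE = re.compile(r"clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32")
HIVES = ("hklm\\", "hkcu\\", "hkcr\\", "hkey_local_machine\\",
         "hkey_current_user\\", "hkey_classes_root\\")

# Constructed Sysmon-like events; the CLSID, DLL name and paths are made up.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Users\\u\\sample.exe",
     "TargetFilename": "C:\\Windows\\System32\\abcd.dll"},
    {"EventID": 13, "Image": "C:\\Users\\u\\sample.exe",
     "TargetObject": "HKCR\\CLSID\\{0a1b2c3d-4e5f-4a6b-8c9d-0e1f2a3b4c5d}\\InProcServer32\\(Default)",
     "Details": "C:\\Windows\\System32\\abcd.dll"},
    {"EventID": 13, "Image": "C:\\Users\\u\\sample.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\Web Event Logger",
     "Details": "{0a1b2c3d-4e5f-4a6b-8c9d-0e1f2a3b4c5d}"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 7, "Image": "C:\\Windows\\explorer.exe",
     "ImageLoaded": "C:\\Windows\\System32\\abcd.dll"},
]


def _strip_hive(key):
    """Lower-case a registry path and drop the hive prefix."""
    k = key.lower()
    for hive in HIVES:
        if k.startswith(hive):
            return k[len(hive):]
    return k


def analyze(events):
    """Return (alert_name, actor_image, detail) tuples in event order."""
    dropped = set()   # System32 paths created by any process
    inproc = {}       # clsid -> DLL path from InProcServer32 sets
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"].lower()
            if path.startswith(SYSTEM32):
                dropped.add(path)
                alerts.append(("drops-file-in-system32", ev["Image"], path))
        elif eid == 13:
            key = _strip_hive(ev["TargetObject"])
            data = ev.get("Details", "")
            m = INPROC_RE.search(key)
            if m:
                inproc[m.group(1)] = data.lower()
            if any(key == k or key.startswith(k + "\\") for k in EXPLORER_AUTORUN_KEYS):
                alerts.append(("explorer-autorun-key-set", ev["Image"], ev["TargetObject"]))
                # Resolve a CLSID in the value data back to its DLL; if that
                # DLL was dropped into System32 in this window, it is the chain.
                cm = CLSID_RE.search(data)
                clsid = cm.group(0).lower() if cm else None
                if clsid and inproc.get(clsid) in dropped:
                    alerts.append(("berbew-like-persistence-chain", ev["Image"], inproc[clsid]))
        elif eid == 7:
            loaded = ev["ImageLoaded"].lower()
            if loaded in dropped and ev["Image"].lower().endswith("\\explorer.exe"):
                alerts.append(("explorer-loads-dropped-dll", ev["Image"], loaded))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(*a)
```

The chained alert is the one worth paging on: an InProcServer32 set alone is routine software installation, and a System32 file write alone is what installers do, but a fresh System32 DLL wired into an Explorer-loaded key by the same process is exactly the "drops, registers, gets loaded by Explorer" sequence the signatures above describe.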
