General

  • Target

    81bd0a42d38bb8840782ab3ab1269229873ac95b19b50282a01fc7948b73e00eN

  • Size

    224KB

  • Sample

    240930-l4sjhateja

  • MD5

    53f2f5d56996b04f9829c9ca6eaf9ea0

  • SHA1

    1b9fde3cdfa838967d52eca90349b85760003d56

  • SHA256

    81bd0a42d38bb8840782ab3ab1269229873ac95b19b50282a01fc7948b73e00e

  • SHA512

    756ccc8fc6ba8e4fed6d68d49c4c3d9e93395dfdedd5c985f4e768813f08515c3a9fadf6872f4503a104756eb6fd527bf02bc86d46747794a412944cdf500c33

  • SSDEEP

    6144:70WUNEptX5LRlUivKvUmKyIxLDXXoq9F1:4zNQZoivKv32XXf9/

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
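The three C2 URLs above come straight out of the extracted configuration, so the host is the placeholder `f` rather than a live server, and the `piplog.php` entry is still a printf-style template (`%s`, `%i`, `%09u`, `%02d`) that the backdoor fills in at run time. A practitioner usually wants to turn such templates into a host-agnostic detection over proxy or web logs. The following is an added example, not part of the report or of the sandbox's own tooling: it converts each template into an anchored regex over the path and query, treating the conversion specifiers as field classes (an assumed, conservative mapping), and runs it over a few constructed proxy log lines. The IP addresses, host names and log format are invented for the demo.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates as reported in the extracted Berbew config above. The host
# part ("f") is the placeholder emitted by the config extractor, so matching is
# done on path and query only, against whatever host a live sample beacons to.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion specifier, optionally with a width (%09u, %02d).
_SPEC_RE = re.compile(r"%(\d*)([sdiu])")


def _spec_to_regex(width: str, conv: str) -> str:
    """Map one printf conversion to a regex fragment (assumed, conservative mapping)."""
    min_len = int(width) if width else 1
    if conv == "s":
        return r"[^:?&\s]*"                 # %s: a token up to the ':' field separator
    if conv == "u":
        return r"\d{%d,}" % min_len         # unsigned, zero-padded to at least width digits
    return r"-?\d{%d,}" % min_len           # %d / %i may carry a sign


def template_to_regex(template: str) -> re.Pattern:
    """Turn a config URL template into an anchored regex over path[?query]."""
    parts = urlsplit(template)
    target = parts.path + ("?" + parts.query if parts.query else "")
    pieces, pos = [], 0
    for m in _SPEC_RE.finditer(target):
        pieces.append(re.escape(target[pos:m.start()]))   # literal text between specifiers
        pieces.append(_spec_to_regex(m.group(1), m.group(2)))
        pos = m.end()
    pieces.append(re.escape(target[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


C2_PATTERNS = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def classify_url(url: str):
    """Return the C2 template a requested URL matches, or None."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    for template, pattern in C2_PATTERNS:
        if pattern.match(target):
            return template
    return None


# Constructed proxy log lines for the demo (not real traffic):
# "<timestamp> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2024-09-30T12:00:01Z 10.0.0.5 GET http://203.0.113.10/wcmd.htm 200
2024-09-30T12:00:02Z 10.0.0.5 GET http://203.0.113.10/piplog.php?WIN-7A3F:1:0:Admin:000123456:7:09:30:12 200
2024-09-30T12:00:03Z 10.0.0.9 GET http://example.com/login.php?user=bob 200
2024-09-30T12:00:04Z 10.0.0.5 POST http://203.0.113.10/ppslog.php 200
2024-09-30T12:00:05Z 10.0.0.9 GET http://example.com/piplog.php?foo 404
"""


def find_beacons(log_text: str):
    """Scan proxy log lines and return (client, url, matched_template) tuples."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        template = classify_url(url)
        if template:
            hits.append((client, url, template))
    return hits


if __name__ == "__main__":
    for client, url, template in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {url}  (matches {template})")
```

Note that the `piplog.php?foo` request is rejected: the template demands nine colon-separated fields with a nine-digit zero-padded counter in the fifth position, so a bare `/piplog.php` hit on an unrelated site does not fire. The two static paths (`wcmd.htm`, `ppslog.php`) are generic enough that in production you would gate them on the same client also producing a `piplog.php` match.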

Targets

    • Target

      81bd0a42d38bb8840782ab3ab1269229873ac95b19b50282a01fc7948b73e00eN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
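The four behavioural signatures above (autorun key loaded by Explorer.exe, executes dropped EXE, loads dropped DLL, drops file in System32) are exactly the kind of host telemetry a detection engineer reproduces from endpoint events. The following is an added example, not the sandbox's rule set or code from the report: it evaluates those four signatures over a handful of constructed Sysmon-style events (file create, process create, image load, registry value set) by tracking which files the sample dropped and then correlating later events against them. The file and registry paths in the events are invented, and the list of registry locations treated as "loaded by Explorer.exe" is an assumption, since the report names no key.

```python
# Sysmon-style events, constructed for this demo (not taken from the report).
# Only the fields the rules need are kept:
#   EventID 11 = FileCreate, 1 = ProcessCreate, 7 = ImageLoad, 13 = RegistryValueSet
EVENTS = [
    {"EventID": 11, "Image": "C:\\Users\\u\\sample.exe",
     "TargetFilename": "C:\\Windows\\System32\\abcd.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\abcd.exe",
     "ParentImage": "C:\\Users\\u\\sample.exe"},
    {"EventID": 11, "Image": "C:\\Windows\\System32\\abcd.exe",
     "TargetFilename": "C:\\Windows\\System32\\efgh.dll"},
    {"EventID": 7, "Image": "C:\\Windows\\System32\\abcd.exe",
     "ImageLoaded": "C:\\Windows\\System32\\efgh.dll"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\abcd.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
                     "\\ShellServiceObjectDelayLoad\\Web Event Logger"},
    # Benign noise: Explorer launching Notepad, which loads a system DLL.
    {"EventID": 1, "Image": "C:\\Windows\\notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 7, "Image": "C:\\Windows\\notepad.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},
]

SYSTEM32 = "c:\\windows\\system32\\"

# Registry locations Explorer.exe itself processes at logon. Assumed list for the
# demo; the report does not say which key this sample writes.
EXPLORER_AUTORUN_KEYS = (
    "\\currentversion\\shellserviceobjectdelayload\\",
    "\\currentversion\\run\\",
)

SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_DROP_SYSTEM32 = "Drops file in System32 directory"


def match_signatures(events):
    """Return (signature, actor_image, detail) tuples, in event order.

    Files created by any process earlier in the stream count as "dropped";
    a later process create or image load of such a file fires the rule.
    """
    dropped = set()          # lowercase paths of files created so far
    findings = []
    for ev in events:
        eid = ev["EventID"]
        image = ev.get("Image", "").lower()
        if eid == 11:
            target = ev["TargetFilename"].lower()
            dropped.add(target)
            if target.startswith(SYSTEM32):
                findings.append((SIG_DROP_SYSTEM32, image, target))
        elif eid == 1:
            if image in dropped:
                parent = ev.get("ParentImage", "").lower()
                findings.append((SIG_EXEC_DROPPED, parent, image))
        elif eid == 7:
            loaded = ev["ImageLoaded"].lower()
            if loaded in dropped and loaded.endswith(".dll"):
                findings.append((SIG_LOAD_DROPPED, image, loaded))
        elif eid == 13:
            key = ev["TargetObject"].lower()
            if any(marker in key for marker in EXPLORER_AUTORUN_KEYS):
                findings.append((SIG_AUTORUN, image, key))
    return findings


if __name__ == "__main__":
    for sig, actor, detail in match_signatures(EVENTS):
        print(f"[{sig}] {actor} -> {detail}")
```

The ordering matters: the "dropped" set is built as the stream is consumed, so `kernel32.dll` loaded by Notepad never fires because nothing in the stream created it, while `efgh.dll` fires only because event 11 for it preceded the image load. In a real pipeline you would key the set by host and expire entries, and you would extend the autorun list to whatever keys your own telemetry shows this sample writing.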

MITRE ATT&CK Enterprise v15

Tasks