General

  • Target

    a83cb6c47c5b89a03d05cfd03d7f53f231e2fc9c1ff3302e020cdecbca2e046bN

  • Size

    96KB

  • Sample

    241001-x2lhyszdpd

  • MD5

    f48b0616aa8a828fd005774bc1cb5780

  • SHA1

    b076e6d76459580925179453f00c3f287465d55e

  • SHA256

    a83cb6c47c5b89a03d05cfd03d7f53f231e2fc9c1ff3302e020cdecbca2e046b

  • SHA512

    949373c976af7875f2ffcda263dac179431c1e00f38a574a94c7404ac401397035b4d3b77299e7114fc99aa131ca1ed6f59af8453b7ff3dee1b2d10bf02e2f7f

  • SSDEEP

    1536:UwP1bZSd48VWGjxOd7QLUcr+pRUiagfGLduV9jojTIvjrH:GLUcr+jxaqGLd69jc0vf

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks