General

  • Target

    f096544a32be95f5b423d0df64df57c235613f1b3b4e3bb5a24695a080347513N

  • Size

    160KB

  • Sample

    241002-pe3vqayhre

  • MD5

    ecfcd2a3b39ac74991d16cf6d124e470

  • SHA1

    9a06573ff31b01de332a5f1d55b6bedc5310721c

  • SHA256

    f096544a32be95f5b423d0df64df57c235613f1b3b4e3bb5a24695a080347513

  • SHA512

    90bbd00480cff65374cff2003001afa1eace037b940577e4e91fb62bee18110cc4c52835014eb9817f4f15934e21a99fc5eddc40308dc9b618bfc8185275ad5d

  • SSDEEP

    3072:zxbgJt9q62J3H19gb3a3+X13XRzrgHq/Wp+YmKfxgQdxvr:VbgWVq7aOl3BzrUmKyIxT

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
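The third C2 entry is a printf-style template, not a literal URL: the sample fills the `%s`/`%i`/`%09u`/`%02d` slots at runtime, so a proxy or DNS blocklist keyed on the exact string will never fire. The block below is an added example, not part of the report or of the sample, that turns the three extracted templates into anchored regexes and runs them over constructed proxy-log lines. Matching is done on path plus query only, because the extracted host "f" is reproduced as-is from the config and is unlikely to be what appears on the wire; the assumption that `%s` fields contain no colon comes from the template's own `:` delimiters.

```python
"""Turn the Berbew C2 URL templates from the report into regexes and run them
over proxy-log lines.  Added example; the log lines below are constructed."""
import re
from urllib.parse import urlsplit

# C2 paths exactly as extracted in the report.  The host "f" is left alone;
# matching is on path+query so a different host still triggers.
BERBEW_C2_TEMPLATES = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_SPEC = re.compile(r"%(0?)(\d*)([sdiu])")


def printf_to_regex(template: str) -> str:
    """Convert a printf-style template into an anchored regex.

    %s becomes a field with no ':' (assumption: the fields are ':'-delimited,
    as the template itself shows); %d/%i allow a leading sign, %u does not;
    a zero-padded width such as %09u becomes a minimum digit count, since
    printf widens rather than truncates when the value is longer.
    """
    parts, pos = [], 0
    for m in _SPEC.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        zero, width, conv = m.groups()
        if conv == "s":
            parts.append(r"[^:&\s]*")
        else:
            sign = r"-?" if conv in "di" else ""
            digits = r"\d{%d,}" % int(width) if (zero and width) else r"\d+"
            parts.append(sign + digits)
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return "^" + "".join(parts) + "$"


C2_PATTERNS = [(t, re.compile(printf_to_regex(t))) for t in BERBEW_C2_TEMPLATES]


def match_c2(url: str):
    """Return the C2 template a request URL matches, or None."""
    u = urlsplit(url)
    target = u.path + ("?" + u.query if u.query else "")
    for template, rx in C2_PATTERNS:
        if rx.match(target):
            return template
    return None


def scan_proxy_log(lines):
    """Constructed log format: '<ts> <client> <method> <url> <status>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, _method, url, _status = fields[:5]
        template = match_c2(url)
        if template:
            hits.append({"ts": ts, "client": client,
                         "host": urlsplit(url).hostname, "template": template})
    return hits


# Constructed sample log; the beacon values are invented for illustration.
SAMPLE_LOG = [
    "2024-10-02T09:14:03Z 10.0.0.12 GET http://f/wcmd.htm 200",
    "2024-10-02T09:14:05Z 10.0.0.12 GET "
    "http://f/piplog.php?WIN-AB12:1:0:Administrator:000012345:7:10:02:09 200",
    "2024-10-02T09:15:00Z 10.0.0.20 GET http://intranet/ppslog.php 404",
    "2024-10-02T09:16:11Z 10.0.0.33 GET http://example.com/index.html 200",
    "2024-10-02T09:17:40Z 10.0.0.33 GET http://f/piplog.php?a:1 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

The last constructed line has the right path but the wrong field count, so it is deliberately not reported: the anchored regex encodes the beacon's shape, not just its filename, which keeps the rule from firing on every unrelated `piplog.php`.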

Targets

    • Target

      f096544a32be95f5b423d0df64df57c235613f1b3b4e3bb5a24695a080347513N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
