General

  • Target

    dd476bc043a76204ae0c6ba6378a88e7db931b7790ca23f0160573edc80e760eN

  • Size

    192KB

  • Sample

    241005-19tq3syhmb

  • MD5

    c73794f286451119570a80448dafb4e0

  • SHA1

    bace354d83f52b1fecfdaaaf162d004e9c9532fb

  • SHA256

    dd476bc043a76204ae0c6ba6378a88e7db931b7790ca23f0160573edc80e760e

  • SHA512

    0730e79c40d9be7d524ba3b64496e0c49d84b7a445e5a25e0ab77407a95c6b4fbb381ef72c89e8eaf91df2329cae8c7322ef9a2a76f0dfe8314d0ff45941e90f

  • SSDEEP

    1536:WzRQ+tcJSZg76FpQmSjBEdBHnkwTznouy8O6Nuf51TQmQM22OwJwTa58nFwWy0wK:WNQkZ06Fq1BELHXLoutkTy27zU

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Note on reading these values: they are shown as recovered from the binary by the config extractor. The third entry is a printf-style format string (%s, %i, %09u, %02d), i.e. a template the backdoor fills in at runtime before it beacons, not a literal URL, and the host component "f" is what was extracted, not a confirmed live C2 hostname. For blocking or hunting, key on the request paths (wcmd.htm, ppslog.php, and piplog.php followed by a colon-delimited query) rather than on the host.
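As an added example (not part of the sandbox report and not code from the sample), the following Python turns the three extracted URL templates into detection logic: it expands the printf-style piplog.php template the way the implant's sprintf would, using placeholder field values (the report does not document what each field means), and it matches request URLs from a constructed proxy log against the path and colon-delimited query layout while ignoring the host, since the extracted "f" is not a usable indicator. The C2 address 203.0.113.7, the log line format, and the field values are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Beacon URL templates exactly as listed in the extracted config above.
BERBEW_C2_TEMPLATES = (
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
)

# printf-style conversion specifiers present in the templates: %s, %i,
# %09u, %02d (optional zero-padded width, then the conversion letter).
_SPEC = re.compile(r"%(\d*)([sdiu])")


def _spec_to_regex(width: str, conv: str) -> str:
    """Regex fragment accepting whatever the C runtime would emit for one specifier."""
    if conv == "s":
        return r"[^:&\s]*"              # string field; fields are ':'-delimited
    min_digits = int(width) if width else 1
    sign = "" if conv == "u" else "-?"  # %u is unsigned, %d/%i may be negative
    return r"%s\d{%d,}" % (sign, min_digits)  # zero padding yields at least `width` digits


def template_to_regex(template: str):
    """Compile a beacon template into a regex over the request's path+query.

    The host is deliberately ignored: the extracted host ("f") is not a
    reliable indicator, whereas the paths and the query layout are.
    """
    path_and_query = template.split("/", 3)[3]   # strip "http://host/"
    parts, pos = [], 0
    for m in _SPEC.finditer(path_and_query):
        parts.append(re.escape(path_and_query[pos:m.start()]))
        parts.append(_spec_to_regex(m.group(1), m.group(2)))
        pos = m.end()
    parts.append(re.escape(path_and_query[pos:]))
    return re.compile("^/" + "".join(parts) + "$")


_PATTERNS = [(t, template_to_regex(t)) for t in BERBEW_C2_TEMPLATES]


def match_beacon_url(url: str):
    """Return the matching template for a full request URL, or None."""
    u = urlsplit(url)
    target = u.path + ("?" + u.query if u.query else "")
    for template, pattern in _PATTERNS:
        if pattern.match(target):
            return template
    return None


def render_beacon(host: str, fields) -> str:
    """Fill the piplog.php template the way the implant's sprintf would.

    `fields` is a 9-tuple in specifier order; their meaning is not documented
    in the report, so callers pass placeholder values. `host` replaces the
    extracted placeholder host "f" (assumed C2 address for the example).
    """
    rendered = BERBEW_C2_TEMPLATES[2] % fields
    return rendered.replace("http://f/", "http://%s/" % host, 1)


def find_beacons(log_text: str):
    """Scan 'timestamp src_ip METHOD url status' proxy lines; return (src_ip, template) hits."""
    hits = []
    for line in log_text.splitlines():
        cols = line.split()
        if len(cols) < 4:
            continue
        template = match_beacon_url(cols[3])
        if template:
            hits.append((cols[1], template))
    return hits


# Constructed proxy log for demonstration (not from the report); 203.0.113.7
# is a documentation address standing in for a C2 host.
SAMPLE_PROXY_LOG = """\
2024-10-05T12:00:01Z 10.0.0.23 GET http://203.0.113.7/piplog.php?WIN-TEST:1:2:user:000123456:5:12:34:56 200
2024-10-05T12:00:02Z 10.0.0.23 GET http://203.0.113.7/wcmd.htm 200
2024-10-05T12:00:03Z 10.0.0.44 GET http://example.com/index.html 200
2024-10-05T12:00:04Z 10.0.0.44 GET http://203.0.113.7/piplog.php?notaformat 404
"""

if __name__ == "__main__":
    print(render_beacon("203.0.113.7", ("WIN-TEST", 1, 2, "user", 123456, 5, 12, 34, 56)))
    for src, template in find_beacons(SAMPLE_PROXY_LOG):
        print(src, "->", template)
```

The last constructed log line shows why the query layout matters: a request to piplog.php whose query is not nine colon-separated fields with the expected digit widths is not reported, which keeps the rule tighter than a bare path match.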

Targets

    • Target

      dd476bc043a76204ae0c6ba6378a88e7db931b7790ca23f0160573edc80e760eN

    • Size

      192KB

    • MD5

      c73794f286451119570a80448dafb4e0

    • SHA1

      bace354d83f52b1fecfdaaaf162d004e9c9532fb

    • SHA256

      dd476bc043a76204ae0c6ba6378a88e7db931b7790ca23f0160573edc80e760e

    • SHA512

      0730e79c40d9be7d524ba3b64496e0c49d84b7a445e5a25e0ab77407a95c6b4fbb381ef72c89e8eaf91df2329cae8c7322ef9a2a76f0dfe8314d0ff45941e90f

    • SSDEEP

      1536:WzRQ+tcJSZg76FpQmSjBEdBHnkwTznouy8O6Nuf51TQmQM22OwJwTa58nFwWy0wK:WNQkZ06Fq1BELHXLoutkTy27zU

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
