General

  • Target

    0cdce39f037e5c8a3798d78eafa2056e6f02b05255e1d478157781c9ebe5ed9aN

  • Size

    844KB

  • Sample

    241009-lrlv7azgkf

  • MD5

    f621a0d50711a8616500cb5ca7485070

  • SHA1

    db2e19d05533caad8939d8614bf614d031dafa1e

  • SHA256

    0cdce39f037e5c8a3798d78eafa2056e6f02b05255e1d478157781c9ebe5ed9a

  • SHA512

    cf62a4d25448ae993edc22aebaeca74a9304941991ec0f90bc64fce61c3af45f3f20cbf0e49bac8b51dfd6fa803faa32061bbef4b1437290a7d42b934832c15c

  • SSDEEP

    24576:dH5W3TnbQihMpQnqrdX72LbY6x46uR/qYglMi:dH5W3TbQihw+cdX2x46uhqllMi

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The third entry still carries printf-style conversion specifiers (%s, %i, %09u, %02d), so these values are URL templates the sample fills in at runtime rather than literal beacon URLs; the host component is reproduced exactly as the config extractor recovered it.
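The following Python script is an added example and is not part of the sandbox report or the Berbew sample. It converts the extracted printf-style C2 templates into regular expressions and runs them over a few constructed proxy-log lines, the way an analyst would turn a config extraction into a hunting check. Assumptions not stated by the report: the host component `f` of the templates is a placeholder and any host should match; `%s` fields contain no `:` or whitespace; a zero-padded width such as `%09u` means at least that many digits. The log lines and the address 203.0.113.7 are made up for the demonstration.

```python
import re

# C2 templates copied verbatim from the extracted config in this report.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion: optional zero flag, optional width, conversion character.
# Only the conversions that appear in the Berbew template are handled.
_SPEC_RE = re.compile(r"%(0?)(\d*)([sdiu])")


def template_to_regex(template: str) -> re.Pattern:
    """Compile a printf-style beacon URL template into a regex.

    Assumptions (not stated by the report): the host in the template ("f")
    is a placeholder, so any host is accepted; %s fields contain no ':' or
    whitespace; a zero-padded width such as %09u means at least that many
    digits.
    """
    path = template.split("/", 3)[3]          # drop scheme and host
    parts, pos = [], 0
    for m in _SPEC_RE.finditer(path):
        parts.append(re.escape(path[pos:m.start()]))
        zero, width, conv = m.groups()
        if conv == "s":
            parts.append(r"[^:\s]*")
        elif zero and width:
            parts.append(r"\d{%d,}" % int(width))  # zero-padded minimum width
        else:
            parts.append(r"-?\d+")                 # plain %d / %i / %u
        pos = m.end()
    parts.append(re.escape(path[pos:]))
    return re.compile(r"https?://[^/\s]+/" + "".join(parts) + r"(?=\s|$)")


def c2_patterns(templates=C2_TEMPLATES):
    """Return (label, regex) pairs, labelled by the script name in the path."""
    out = []
    for t in templates:
        label = t.split("/", 3)[3].split("?", 1)[0]
        out.append((label, template_to_regex(t)))
    return out


# Constructed proxy-log lines for the demonstration. 203.0.113.7 is a
# documentation address standing in for an unknown C2 host; none of this
# is real traffic.
SAMPLE_PROXY_LOG = """\
2024-10-09T12:00:01Z 10.0.0.5 GET http://203.0.113.7/piplog.php?WORKSTATION-12:1:0:user1:000004321:3:12:00:01 200
2024-10-09T12:00:02Z 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200
2024-10-09T12:00:03Z 10.0.0.6 GET http://www.example.com/index.html 200
2024-10-09T12:00:04Z 10.0.0.7 GET http://203.0.113.7/piplog.php?bad 404
"""


def scan_log(lines, patterns):
    """Return (label, line) for each log line that matches a C2 template."""
    hits = []
    for line in lines:
        for label, pat in patterns:
            if pat.search(line):
                hits.append((label, line.rstrip()))
                break
    return hits


if __name__ == "__main__":
    for label, line in scan_log(SAMPLE_PROXY_LOG.splitlines(), c2_patterns()):
        print(f"[{label}] {line}")
```

The truncated `piplog.php?bad` request on the last line is deliberately left unmatched: requiring the full field layout from the template keeps a single hit on a generic script name from firing, while the host-agnostic prefix still catches the beacon if the real C2 host differs from whatever the sample was configured with.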

Targets

    • Target

      0cdce39f037e5c8a3798d78eafa2056e6f02b05255e1d478157781c9ebe5ed9aN

    • Size

      844KB

    • MD5

      f621a0d50711a8616500cb5ca7485070

    • SHA1

      db2e19d05533caad8939d8614bf614d031dafa1e

    • SHA256

      0cdce39f037e5c8a3798d78eafa2056e6f02b05255e1d478157781c9ebe5ed9a

    • SHA512

      cf62a4d25448ae993edc22aebaeca74a9304941991ec0f90bc64fce61c3af45f3f20cbf0e49bac8b51dfd6fa803faa32061bbef4b1437290a7d42b934832c15c

    • SSDEEP

      24576:dH5W3TnbQihMpQnqrdX72LbY6x46uR/qYglMi:dH5W3TbQihw+cdX2x46uhqllMi

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks