General

  • Target

    7d438befc4505962896ec9b348e0884097c521183c0512e177d3bf2f4462174b

  • Size

    97KB

  • Sample

    241017-3zewaaxajq

  • MD5

    b3bac17041afafb28b07ee26e20973af

  • SHA1

    4caca2a2d32d39ce2b48b369ab6fff9bf357e2d9

  • SHA256

    7d438befc4505962896ec9b348e0884097c521183c0512e177d3bf2f4462174b

  • SHA512

    915fdaf59fc232150074813da4cd527c963d37d637cb17949009f4fb17504386ec1ebb39cf109861ca4ee1631a1c526e3cd7494e3e64a432045953e4eed65a5b

  • SSDEEP

    1536:PJWKEbSlnqFcWl0+RGBHeBThVCVpVLMjioJ0FjctGud0+SLoyyLKvJXeYZ6:xDEmxqFJ0+OCzzLt0+Sk3aJXeK6

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks