General

  • Target

    afb26d61c60ff6e2a2be2193e85171efb4990a3548b7d6b66d120c68585180d8N

  • Size

    109KB

  • Sample

    241022-f4m15a1hln

  • MD5

    fcef078e8cf67ae69fce82bcead18c80

  • SHA1

    d61ec808342803de2435b9eaad9782d6a7d4d603

  • SHA256

    afb26d61c60ff6e2a2be2193e85171efb4990a3548b7d6b66d120c68585180d8

  • SHA512

    9801655e1ad572ea49d7b9774e70f2ce5f864f173f7d5e4b218f0034afb1e22c78b02e88b01b3c8f3467aa9327213ee6d41a62db5d5d89ef8fe8c2fcc2279c4d

  • SSDEEP

    3072:2Df67vLzBOzxH4J9hLCqwzBu1DjHLMVDqqkSpR:2Df67vPB0xH4J9pwtu1DjrFqhz

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Brute Ratel C4

      A customized command and control framework for red teaming and adversary simulation.

    • Detect BruteRatel badger

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks