General

  • Target

    b6caea86b0f340e8a882f30294b1863f5e99efa309e760685632915a4c706adf

  • Size

    72KB

  • Sample

    241107-d39gmavcje

  • MD5

    15cf026ff93827553b941de2a741dc27

  • SHA1

    bc90368c221caaa20df7b630ecf7a75716e337c9

  • SHA256

    b6caea86b0f340e8a882f30294b1863f5e99efa309e760685632915a4c706adf

  • SHA512

    477d141dc16565672bec6a84d94c054cf92d69980486278d831dfc0e53c678caa51fa33ed97f0c0fb766aa715b3a47aa8fede70f15052ce4dba36c94bdc7333f

  • SSDEEP

    1536:CrP4wQWdLxdkL9zt3CElDP1+plmf+h68GNgzVlFKod:3ANdcLP1JfUquzVxd

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks