General

  • Target: 1fbe327464836d274ae4ed88422ebd51a7d51276984d562c0dc514dd0a91317eN
  • Size: 3.2MB
  • Sample: 241107-d8js6avdkb
  • MD5: 892ed62f8ddabfda4f6b956e76336aa0
  • SHA1: fcdb789e4824c85226ca38adc63ecff077986c2d
  • SHA256: 1fbe327464836d274ae4ed88422ebd51a7d51276984d562c0dc514dd0a91317e
  • SHA512: 465b5554cf759999fd2a23cb63c6f98f0f1cd7ba3ecff3ef6fddc2b60e0a0d9430f83f38643cb73417a023a5b8c0de114ee2de18660eccd587d3529628a3bf16
  • SSDEEP: 98304:AklBFLPj3JStuv40ar7zrbDlsa2VIlPWYv1NT/YUugy:AklBFLPj3JStuv40ar7zrbDlsa2VIlPu

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks