General

  • Target

    aa7b22d9d6545d441b189c8f24195f5209a7d13267a1e9c33deb0dd632a9ebe1

  • Size

    276KB

  • Sample

    241107-dhg7mssrdy

  • MD5

    ddd935fbf6f267c162638c2f59401f0c

  • SHA1

    251b1a1568f65d04ae94b0fb3214a36b19b9ead4

  • SHA256

    aa7b22d9d6545d441b189c8f24195f5209a7d13267a1e9c33deb0dd632a9ebe1

  • SHA512

    4347c51795b0cafd1edddc09580a8b66843d2bf6f9f423207b7e39671e446aa91a220b014b7f5d42b71dc0bba8e5e3533afcaf3c6a6c2504ab8b19b11e0eb9da

  • SSDEEP

    3072:lPC+eDpaZgaZ0MjXGxiQeS5pAgYIqGvJ6887lbyMGjXF1kqaholmtbCQVDrM8d7w:hjeDgV0MzQdZMGXF5ahdt3rM8d7TtLa

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
