General

  • Target

    abb2259f85087afc16ce7cda6249470bbd1d81226f9dc436e6ed70f30f050ce6

  • Size

    96KB

  • Sample

    241107-dkt9zstgpc

  • MD5

    0aac250d80c7c1634028cab129827e99

  • SHA1

    d0ece13914d0e66148bbbb91a0a15b23ddf972db

  • SHA256

    abb2259f85087afc16ce7cda6249470bbd1d81226f9dc436e6ed70f30f050ce6

  • SHA512

    657e78a38708dd3216ced3ecbf7ec1612bdb33265d74c190d82b2e8ed18a218f9b3ca345b8093f70aee01e987c4663d11b02ae7bd1cd1f638ac589ba447960d2

  • SSDEEP

    1536:6UcsmtHOqL/O6jeBLMKG6LPWzD9PHWG0xmlkrOaAjWbjtKBvU:6UbmtHOqbf0MKG66zDwG0xmlkiVwtCU

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15