General

  • Target: dc14afde5e1a57b12af61a45a0014bebe75933477a7b05334f59570423a64ad8N
  • Size: 72KB
  • Sample: 241107-dl4vtatgqf
  • MD5: 8019e500b1eeb72ab63486a5c65aa550
  • SHA1: 406ce25450176a5bf63e986498c8376eeeaf21bd
  • SHA256: dc14afde5e1a57b12af61a45a0014bebe75933477a7b05334f59570423a64ad8
  • SHA512: a5ecd65074a914d92472cc1b7288231ef44d7fbad732cbf1413d005090e8fb5f1a17332643a7cede83e0001b4ce7c69f6c17e84b424b95125a5237935acb325a
  • SSDEEP: 1536:KG5TVSyqWTqJHwoy6FHru2c8+KAssJXcqOxL8ZTzbcJ+7zN5SKOhYXYFVZ:NPcJQZ2c8+KYsEXN5Shi2

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: dc14afde5e1a57b12af61a45a0014bebe75933477a7b05334f59570423a64ad8N
    • Size: 72KB
    • MD5: 8019e500b1eeb72ab63486a5c65aa550
    • SHA1: 406ce25450176a5bf63e986498c8376eeeaf21bd
    • SHA256: dc14afde5e1a57b12af61a45a0014bebe75933477a7b05334f59570423a64ad8
    • SHA512: a5ecd65074a914d92472cc1b7288231ef44d7fbad732cbf1413d005090e8fb5f1a17332643a7cede83e0001b4ce7c69f6c17e84b424b95125a5237935acb325a
    • SSDEEP: 1536:KG5TVSyqWTqJHwoy6FHru2c8+KAssJXcqOxL8ZTzbcJ+7zN5SKOhYXYFVZ:NPcJQZ2c8+KYsEXN5Shi2

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks