General

  • Target

    21486ca8d5d9fd18274e5fc8fb0991a22e943283cf630122614e34c2837672a6N

  • Size

    844KB

  • Sample

    241107-dpb9zatjgz

  • MD5

    b4e49c78b8b70173c6a9b4b3aca68730

  • SHA1

    27ceeb3f103f81267741b4798c6c98d6f4421dc7

  • SHA256

    21486ca8d5d9fd18274e5fc8fb0991a22e943283cf630122614e34c2837672a6

  • SHA512

    3b547a8ef07189c8549d4fb30320f133441a4543f3e8328d447e78a9d778b9a1d6148c2cd0282b12f72a11ac1e12ae3ea889d9947571f535ca697aa5ccc6fd43

  • SSDEEP

    24576:VWAH5W3Tnbc53cp6p5vihMpQnqrdX72LbY6x46uR/qYglMi:QAH5W3TbGBihw+cdX2x46uhqllMi

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks