General

  • Target

    37c0165835827e4be8a3640229f1fbca76abb002de006379032fef84e77a9878N

  • Size

    256KB

  • Sample

    241107-dqt66svcll

  • MD5

    67b6b4896a20e43ad29ff4dd20d44ed0

  • SHA1

    5385ec276c13149d4a54000ca4b010e5d187a23a

  • SHA256

    37c0165835827e4be8a3640229f1fbca76abb002de006379032fef84e77a9878

  • SHA512

    70128910ecfaf6e36d768232697ba80a40dfb8cf7224a55083dda3250c20c26997931116742b47f8da9ba77534f1158698e6f531394ad2ff65dbacffdbe404b6

  • SSDEEP

    3072:eDYZrRFu1ALfdKNk9soMCEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEESLjb5m0t4rX:eDkr1Lc6soAj0+r+Mds9X

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      37c0165835827e4be8a3640229f1fbca76abb002de006379032fef84e77a9878N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks