General

  • Target: 5ae566a5e15c80102334eb8ddb621e19bf9b2417d06154c308e116bcab35522dN
  • Size: 192KB
  • Sample: 241107-dwg4sstlcs
  • MD5: 9f764ac16e9d56372ce7e9d9d4835270
  • SHA1: bd65c0a0be61ad493326da1dc85460b73906bd83
  • SHA256: 5ae566a5e15c80102334eb8ddb621e19bf9b2417d06154c308e116bcab35522d
  • SHA512: f894b89d9c46b30c34eadd45b344b5898f3a961116e89741a981fed968b5504109208a1baa83912c4ff7792f7373993390b2ca389d08aaf7098ed1d88d4bdda8
  • SSDEEP: 3072:fuDmLhi8i2ourZwmJGRF/TEVBoutkTy27zU:fuMI8ibucLLeBoSkTl7zU

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
