General

  • Target: b30dd42e171d63fdca8fd0a45aabf7de2e7680dbda69a1731db8babfbb098aec
  • Size: 92KB
  • Sample: 241107-dwnatavaqd
  • MD5: 86cc9166e80ac155f9c1ab9a0076adaf
  • SHA1: be8bc3d3c562f4f518da1c53a32c440ede376478
  • SHA256: b30dd42e171d63fdca8fd0a45aabf7de2e7680dbda69a1731db8babfbb098aec
  • SHA512: 89b617c2966811f43bbe0fb9ca061747e5f26a1ed581824a8cec0fa791b1158f8e908800f36d22d2d9514aed09e4421f4ee9a5bedf4c4a55001b9c89b28a9529
  • SSDEEP: 1536:ZeTExGlFUSKe1yac1Si60vTysEIbFo6cJQShuamgqdylLS4diOtnKQrUoR24HsUs:EQxlSKe1yaCB7ysEIq6aQYYkdiH6THsR

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks