General

  • Target: 7c020f2652fae12cea52809380686275be1b4867f7df0b511a6680c327ffe5e4N
  • Size: 100KB
  • Sample: 241107-e2x8msxqgp
  • MD5: aa45be0c12c207feec17fffff723d040
  • SHA1: 3f8ce1f59a5ba804455bc89bc83741e30dc062ae
  • SHA256: 7c020f2652fae12cea52809380686275be1b4867f7df0b511a6680c327ffe5e4
  • SHA512: 11c95610563b35d984f5cb6594a0e79374a6ea0c04213dc04922094faeecf749e18923f3cf996a1513d6e99b740c5ccf0fe47a4ba1b151cd8df020f28fb4d7de
  • SSDEEP: 1536:l9Neuew8oDDAhKukEx4o5Yf+Mnrqg4FgblQQa3+om13XRzT:l9w5oDsAA5g+6jSgb3a3+X13XRzT

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 7c020f2652fae12cea52809380686275be1b4867f7df0b511a6680c327ffe5e4N (100KB; hashes as listed under General)

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
