General

  • Target

    02274c1a6420da076888a935d5fb5979781b0efc4ff9d1d77d86298a04e5eb34N

  • Size

    109KB

  • Sample

    241107-e7mdbsxrdk

  • MD5

    581a5397aa8f09eaef5f6fe1e43697c0

  • SHA1

    7d4c96cae17ad30ac979a156515cd7f7a6d7ac4d

  • SHA256

    02274c1a6420da076888a935d5fb5979781b0efc4ff9d1d77d86298a04e5eb34

  • SHA512

    91f84cb433bbff71944512c605cbc16e77705958bc8f85175e849ad67ea3c28a9070be39e9d24e536f68bae7f2a2ccea2e826925f0534900c6a7870286f7964f

  • SSDEEP

    3072:90+Q513491cNbXoypJ9YLCqwzBu1DjHLMVDqqkSpR:2FwctYeJ94wtu1DjrFqhz

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      02274c1a6420da076888a935d5fb5979781b0efc4ff9d1d77d86298a04e5eb34N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15