General

  • Target

    bd53e7396d2bef0ab3772dc1f4a9db68efc4ddfa74bd4050f4dae4d7c7b883db

  • Size

    100KB

  • Sample

    241107-edqhwsvgqk

  • MD5

    c511c530a334b3e16dce576b5bc0ebc8

  • SHA1

    16547e4cce8128ad86b0a555827b0e84ccf6058b

  • SHA256

    bd53e7396d2bef0ab3772dc1f4a9db68efc4ddfa74bd4050f4dae4d7c7b883db

  • SHA512

    ba992758bce5973d3f453285a6b570921afb9890cc4b06ddf7197d0560a46c68dc954531de67b9bc83e9f47ed6cee0b74bab882edd40162f421fd8d6a98e351b

  • SSDEEP

    1536:wYvbK+MBMkjEJbS5xrgCqcQ0JZyoKHtXqOKaH2qgiFgblQQa3+om13XRz:vxkj8b2gExZyPNoUgb3a3+X13XRz

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      bd53e7396d2bef0ab3772dc1f4a9db68efc4ddfa74bd4050f4dae4d7c7b883db

    • Size

      100KB

    • MD5

      c511c530a334b3e16dce576b5bc0ebc8

    • SHA1

      16547e4cce8128ad86b0a555827b0e84ccf6058b

    • SHA256

      bd53e7396d2bef0ab3772dc1f4a9db68efc4ddfa74bd4050f4dae4d7c7b883db

    • SHA512

      ba992758bce5973d3f453285a6b570921afb9890cc4b06ddf7197d0560a46c68dc954531de67b9bc83e9f47ed6cee0b74bab882edd40162f421fd8d6a98e351b

    • SSDEEP

      1536:wYvbK+MBMkjEJbS5xrgCqcQ0JZyoKHtXqOKaH2qgiFgblQQa3+om13XRz:vxkj8b2gExZyPNoUgb3a3+X13XRz

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks