General

  • Target: 27983acd223e8bca7addbcc5107f7976714c44383883b1eb691b1d3449a448a3N
  • Size: 90KB
  • Sample: 241107-ejapmavhnp
  • MD5: aaad31929265f91483e12d98de3c9d20
  • SHA1: f504d7efb132d1e7c79a10031e349bb421b831dc
  • SHA256: 27983acd223e8bca7addbcc5107f7976714c44383883b1eb691b1d3449a448a3
  • SHA512: e3b7f71568e81862b409c336a8e84953d72c8db6051074a12ef8bb34ccdf1d083c5a09b6796dc6e2a177ed8d0843643e94d7da20735999b61428d977ae22c837
  • SSDEEP: 1536:q/Pwg1Iq0tBdht/ElWHp3miypGRjCA7Hg4GDjlOtmVKbGNu/Ub0VkVNK:JtTTMsJmzAmD8trGNu/Ub0+NK

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
