General

  • Target

    70764137c66ebb2fe538f1c09d75f2dd6ceab5a9d25433896f2d79f5b7b1430eN

  • Size

    378KB

  • Sample

    241107-ep6z1svgkc

  • MD5

    e9d0c7ab3a4d82a9bc9c5f2a513de510

  • SHA1

    81b7b58d212a07889614b31ff263cad6c937e1da

  • SHA256

    70764137c66ebb2fe538f1c09d75f2dd6ceab5a9d25433896f2d79f5b7b1430e

  • SHA512

    4ddd6cd78090a28e3b4a267cc9480beb28017690986e570589e4fb72789a0e6c674a2fa04713d15f24ee0e109e44885fd6456e370460d74cf33bd03d4161a231

  • SSDEEP

    6144:rCULIbb4VDvEIeYr75lHzpaF2e6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42Gp:r7wEVQIeYr75lTefkY660fIaDZkY6605

Malware Config

  • Extracted

    Family: berbew

    C2:

      http://f/wcmd.htm

      http://f/ppslog.php

      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      70764137c66ebb2fe538f1c09d75f2dd6ceab5a9d25433896f2d79f5b7b1430eN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
