General

  • Target

    b65bfcd00b25f5e2142b6a6499eb1406c39d6eb6e2e883aea76c5258d2252af6N

  • Size

    96KB

  • Sample

    241107-erctysxnhk

  • MD5

    65b3f70a4d3feaec215f2c7234a13070

  • SHA1

    f39bf73eee37b563380384f558fff81145dd1bf4

  • SHA256

    b65bfcd00b25f5e2142b6a6499eb1406c39d6eb6e2e883aea76c5258d2252af6

  • SHA512

    0f6e0a74a2e2b99f7dc868253692612690d261f8badd5d072125194d5f90388bd4cf54dfd83e459feb13f32e3639551257ff11510d3f20d7de08641c6ff9a7cd

  • SSDEEP

    1536:8DIJRKV6aHoOpI3QkAp2yeW7vpTljsPsSKSKIXGhj9Ge64e+0fpcpmduV9jojTI3:sSauIljsUuNXoj9hYpImd69jc0v

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b65bfcd00b25f5e2142b6a6499eb1406c39d6eb6e2e883aea76c5258d2252af6N

    • Size

      96KB

    • MD5

      65b3f70a4d3feaec215f2c7234a13070

    • SHA1

      f39bf73eee37b563380384f558fff81145dd1bf4

    • SHA256

      b65bfcd00b25f5e2142b6a6499eb1406c39d6eb6e2e883aea76c5258d2252af6

    • SHA512

      0f6e0a74a2e2b99f7dc868253692612690d261f8badd5d072125194d5f90388bd4cf54dfd83e459feb13f32e3639551257ff11510d3f20d7de08641c6ff9a7cd

    • SSDEEP

      1536:8DIJRKV6aHoOpI3QkAp2yeW7vpTljsPsSKSKIXGhj9Ge64e+0fpcpmduV9jojTI3:sSauIljsUuNXoj9hYpImd69jc0v

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks