General

  • Target

    894b7925596453122639ec7fe6eb57e5948ca6c92f314eb4dbc62153e8b565fbN

  • Size

    74KB

  • Sample

    241107-etd5sswblq

  • MD5

    a7ee6165f7cb793b1226f9f27a24c0f0

  • SHA1

    420b7c28aab5466eddc1f1b462a4e5942cf1c7bb

  • SHA256

    894b7925596453122639ec7fe6eb57e5948ca6c92f314eb4dbc62153e8b565fb

  • SHA512

    d2a8a1d7cab1ae2a44bcc6b6306485d737d24c2bebe8f3b8e25a395101c06be0f59266c1ab400c25d12cf8eb66ccdf55a8f45d127b2aa27f51c6498d3fbcf950

  • SSDEEP

    1536:38oW484sGOWyMYtnrCIq3iYiWzzVD6iqdX:38JusPWyRn27Sgz4iqt

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
