General

  • Target

    c85b3b49fb6763897314f3bf8ff563ce71283cfc620866a54c28df0353442452

  • Size

    768KB

  • Sample

    241107-ew4s8sxphn

  • MD5

    dc849f156fec571303d1e9d39d529a25

  • SHA1

    f41fbc365a3759f00cda87cc6c175f81439241d3

  • SHA256

    c85b3b49fb6763897314f3bf8ff563ce71283cfc620866a54c28df0353442452

  • SHA512

    e9fa9ed96d5ebcdc7dc21c61e93797ee68950953ecab1738ecbaddf93950269ae2881dc4f8ecdc70d659ae0d39f59b78414367a6de3a508661049e55fa41c150

  • SSDEEP

    12288:VCG7/+zrWAI5KFum/+zrWAIAqWim/+zrWAI5KF4cr6VDsEqacjgqANXcol27Z5nY:VCG7m0BmmvFimm0Xcr6VDsEqacjgqAN1

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
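The third C2 entry is a printf-style template (`%s`, `%i`, `%09u`, `%02d` fields separated by colons), so the beacon path can be matched even though the host recorded in the config is just `f`. The following is an added detection example, not code from the sandbox report or from the Berbew sample itself: it compiles the three extracted URL templates into anchored regexes over path and query (treating `f` as an unknown placeholder host) and runs them over a constructed, hypothetical proxy log whose format, client addresses and C2 address are invented for illustration.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates as listed in the extracted Berbew config. The host "f" is
# carried over verbatim; this example assumes it is a placeholder and matches
# on path and query only, so the real C2 host need not be known.
C2_URL_TEMPLATES = (
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
)

# printf conversion specifier: flags, minimum width, precision, conversion char.
_PRINTF_SPEC = re.compile(
    r"%(?P<flags>[-+ #0]*)(?P<width>\d*)(?:\.(?P<prec>\d+))?(?P<conv>[sdiux])"
)


def _spec_to_regex(m):
    """Translate one printf conversion into a regex fragment.

    Only the conversions present in this config (%s, %i, %d, %u) get tight
    patterns; %x is handled for completeness, everything else is permissive.
    """
    conv = m.group("conv")
    width = int(m.group("width") or 0)
    if conv == "s":
        return r".+?"                          # any non-empty field, non-greedy
    if conv in "diu":
        sign = "" if conv == "u" else "-?"
        if "0" in m.group("flags") and width:
            # zero-padded to a minimum width, e.g. %09u -> at least 9 digits
            return sign + r"\d{%d,}" % width
        return sign + r"\d+"
    return r"[0-9a-fA-F]+" if conv == "x" else r".+?"


def _path_and_query(url):
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def template_to_regex(template):
    """Compile a C2 URL template into an anchored regex over path+query."""
    target = _path_and_query(template)
    pieces, pos = [], 0
    for m in _PRINTF_SPEC.finditer(target):
        pieces.append(re.escape(target[pos:m.start()]))   # literal text
        pieces.append(_spec_to_regex(m))                  # format field
        pos = m.end()
    pieces.append(re.escape(target[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


C2_PATTERNS = {t: template_to_regex(t) for t in C2_URL_TEMPLATES}


def classify_url(url):
    """Return the config template a URL matches, or None if it matches none."""
    target = _path_and_query(url)
    for template, rx in C2_PATTERNS.items():
        if rx.match(target):
            return template
    return None


# Constructed proxy log, not real traffic: "<timestamp> <client> <method> <url> <status>".
# 203.0.113.7 is a documentation address standing in for the unknown C2 host.
SAMPLE_PROXY_LOG = """\
2024-11-07T10:01:02Z 10.0.0.15 GET http://203.0.113.7/wcmd.htm 200
2024-11-07T10:01:03Z 10.0.0.15 GET http://203.0.113.7/piplog.php?WIN-ABC:1:0:12345:000000042:7:11:07:10 200
2024-11-07T10:02:00Z 10.0.0.22 GET http://example.com/index.html 200
2024-11-07T10:02:05Z 10.0.0.15 POST http://203.0.113.7/ppslog.php 200
2024-11-07T10:03:00Z 10.0.0.9 GET http://203.0.113.7/piplog.php?garbage 404
"""


def scan_proxy_log(log_text):
    """Return (client, url, template) for every line whose URL matches a C2 template."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        template = classify_url(url)
        if template is not None:
            hits.append((client, url, template))
    return hits


if __name__ == "__main__":
    for client, url, template in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url}  (matches {template})")
```

The `piplog.php` request with a malformed query (`?garbage`) is deliberately not matched: anchoring on the full colon-separated field structure keeps the rule specific, whereas matching on the bare path alone would fire on any probe of that filename. Widths such as `%09u` are treated as minimums, since printf pads to at least that width but never truncates.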

Targets

    • Target

      c85b3b49fb6763897314f3bf8ff563ce71283cfc620866a54c28df0353442452

    • Size

      768KB

    • MD5

      dc849f156fec571303d1e9d39d529a25

    • SHA1

      f41fbc365a3759f00cda87cc6c175f81439241d3

    • SHA256

      c85b3b49fb6763897314f3bf8ff563ce71283cfc620866a54c28df0353442452

    • SHA512

      e9fa9ed96d5ebcdc7dc21c61e93797ee68950953ecab1738ecbaddf93950269ae2881dc4f8ecdc70d659ae0d39f59b78414367a6de3a508661049e55fa41c150

    • SSDEEP

      12288:VCG7/+zrWAI5KFum/+zrWAIAqWim/+zrWAI5KF4cr6VDsEqacjgqANXcol27Z5nY:VCG7m0BmmvFimm0Xcr6VDsEqacjgqAN1

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks