General

  • Target

    c93f8c47a82b17f433770007b7806ab5677b660fdda920797c8d2b89c92e1d4eN

  • Size

    112KB

  • Sample

    241107-ewqxdawbql

  • MD5

    c0ee053ac38f06a8d2825a519a7be210

  • SHA1

    52e5c0c2a9493f31fe213a8e596178f186ff9c4d

  • SHA256

    c93f8c47a82b17f433770007b7806ab5677b660fdda920797c8d2b89c92e1d4e

  • SHA512

    eda74b784fe68fd485f02a5a42a27605eadd54deb499009296c5b3a74a321f20b138cb289bff8ae2e25d932cf55c3298cdd6e728588e79ae4ab70036fb821f4a

  • SSDEEP

    1536:T9CXl1I+zQdgRJ6K0x1wWb7htu/35/j54LEoYSuikRynlypv8LIuCseNIQ:T9CXl1UgR30x1wWSX4Lzu+lc802eSQ

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c93f8c47a82b17f433770007b7806ab5677b660fdda920797c8d2b89c92e1d4eN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks