General

  • Target

    70dbb319dfddf1eb950595ca42955dcc32a8b18fa129847e6cae63194f0d8768N

  • Size

    96KB

  • Sample

    241107-eyr78avhnh

  • MD5

    be00c7e11ac7b21cdbe8edf9b9a3ece0

  • SHA1

    984688c5650efa93e35b016ed8c3061c04d8b48c

  • SHA256

    70dbb319dfddf1eb950595ca42955dcc32a8b18fa129847e6cae63194f0d8768

  • SHA512

    8afecd1302a1307544da1bb9c1caa238409929cd5fd0c2266ff69da9e365c8cc90ac2bccd3145c5424f3a1845b1e73075dfeed0b2bf32a8002540c80cb1e31ac

  • SSDEEP

    1536:TS95EYYzXLdEPh5TRQvRMVQF+3Ut+dSqwVuri2MmJ437duV9jojTIvjr:G2YYzXLdM5yv6VQYD8qqmJ4rd69jc0v

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      70dbb319dfddf1eb950595ca42955dcc32a8b18fa129847e6cae63194f0d8768N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15