General

  • Target

    0e93ef78a36e940d61168c4e44005b1ec6e67edd75b2bbc2f3dcea43c52164f7N

  • Size

    96KB

  • Sample

    241107-ez24tavhqd

  • MD5

    1ee1c9be9306d7c48e2ed4c1f8099750

  • SHA1

    c16cba22adb433bc81ee447e028ce861dadbf3b2

  • SHA256

    0e93ef78a36e940d61168c4e44005b1ec6e67edd75b2bbc2f3dcea43c52164f7

  • SHA512

    9f43634fd8279ddb683c4d0fea21d94dc7bbbbf334b50d7a2329ebcb14977c94b7c52e0fb77a04b1e26c085b88700cd9fec90e42f1b9c0127bd2cf80f9a919af

  • SSDEEP

    1536:2ZWWtGeHv0t3I7/NvwTS0KhAF1VdTz3QfhZB/BOmDCMy0QiLiizHNQNdq:/Wtfv0t3qeTxKheVdTz3QDB5OmDCMyEr

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks