General

  • Target: 12134f67be1eb274d3daae7a2729a0b7d18db3994f5a21dc3c3bbf8165481000N
  • Size: 368KB
  • Sample: 241107-ffjzkavmdx
  • MD5: 49fe73fdf07366d58da3b4bde7618690
  • SHA1: 341bc2b3b4a787c6e9e4fade847f7de15441446f
  • SHA256: 12134f67be1eb274d3daae7a2729a0b7d18db3994f5a21dc3c3bbf8165481000
  • SHA512: 7bb78709ed48b60c95be666ea75e55632fecede5c8b11e26ade3e0a80926184f9e7f2cc6746d63c2c02e0151a3c899268d910d1a12982bd701b44be20b7f06cb
  • SSDEEP: 6144:k+MLd47gVOHQO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwHlGrh/tOz:L/+zrWAI5KFum/+zrWAIAqWiO

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 12134f67be1eb274d3daae7a2729a0b7d18db3994f5a21dc3c3bbf8165481000N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks