General

  • Target

    b7d6e5993b5f11036d70dcac645fe0709b4b82fe17c80915f714ca95a3ee9b80N

  • Size

    320KB

  • Sample

    241107-h3l4jsyclk

  • MD5

    c9d82fcb848d899774e59413c6e16de0

  • SHA1

    5f6bd070853a54236298a515fb62c2ece85d6fc5

  • SHA256

    b7d6e5993b5f11036d70dcac645fe0709b4b82fe17c80915f714ca95a3ee9b80

  • SHA512

    4d6f78643dca34a78b4d818fcede9968c83e922fe33d87ea03e5dbb9979b4378abe4abd6347d08ee01fc12010f859241ce708e37ec0ecd3cc7a9c180cd14c818

  • SSDEEP

    6144:BSaNMXokp5cQO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwp:fglpO/+zrWAI5KFum/+zrWAIAqe

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
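The three C2 strings above are printf-style templates (`%s`, `%i`, `%09u`, `%02d`) that the implant fills in when it beacons, and the host `f` appears to be an unresolved placeholder left in the extracted config rather than a real hostname. As an added example, not part of this report and not the sandbox's own code, the Python below compiles each template into a regex over path and query shape (so it matches on any host) and runs it over constructed proxy log lines; the log format, client addresses and URLs are made up for the demo.

```python
"""Added example: turn the extracted Berbew C2 URL templates into log-scan
regexes.  Not from the sandbox report; the log lines below are constructed."""
import re
from urllib.parse import urlsplit

# Templates as listed in the report. Host "f" is assumed to be a placeholder,
# so the compiled patterns accept any host and match on path + query shape.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_CONV = re.compile(r"%(\d+)?([sdiu])")  # printf conversions used in the templates


def _conv_to_regex(m):
    """Map one printf conversion to a regex fragment.

    A zero-padded width such as %09u guarantees *at least* that many digits,
    so it becomes a run of nine or more digits; %s is a field that stops at
    the ':' separator used by the beacon."""
    width, conv = m.group(1), m.group(2)
    if conv == "s":
        return r"[^:&\s]+"
    sign = r"-?" if conv in "di" else ""
    return sign + (r"\d{%d,}" % int(width) if width else r"\d+")


def template_to_regex(template):
    """Compile a C2 URL template into a regex over the full URL, any host."""
    parts = urlsplit(template)
    path_query = parts.path + ("?" + parts.query if parts.query else "")
    out, pos = [], 0
    for m in _CONV.finditer(path_query):
        out.append(re.escape(path_query[pos:m.start()]))
        out.append(_conv_to_regex(m))
        pos = m.end()
    out.append(re.escape(path_query[pos:]))
    return re.compile(r"^https?://[^/\s]+" + "".join(out) + r"$")


# Constructed proxy log lines: "<time> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2024-11-07T08:15:02Z 10.0.0.23 GET http://203.0.113.7/piplog.php?WIN-7K2Q:1:0:usr:000012345:3:08:15:02 200
2024-11-07T08:15:03Z 10.0.0.23 GET http://203.0.113.7/wcmd.htm 200
2024-11-07T08:16:10Z 10.0.0.41 GET http://www.example.com/piplog.php?reallybig 404
2024-11-07T08:17:44Z 10.0.0.23 GET http://203.0.113.7/ppslog.php 200
2024-11-07T08:18:00Z 10.0.0.55 GET http://intranet/wiki/index.php?title=Main 200
"""


def scan_log(log_text, templates=C2_TEMPLATES):
    """Return (line_no, template, url) for each URL that matches a C2 template."""
    patterns = [(t, template_to_regex(t)) for t in templates]
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        url = fields[3]
        for tmpl, rx in patterns:
            if rx.match(url):
                hits.append((n, tmpl, url))
                break
    return hits


if __name__ == "__main__":
    for n, tmpl, url in scan_log(SAMPLE_LOG):
        print(f"line {n}: {url}  <- {tmpl}")
```

The `piplog.php` query shape (two string fields, a nine-or-more-digit counter and three two-digit time fields separated by colons) is the strong pattern here; `/wcmd.htm` and `/ppslog.php` on their own are low-fidelity path names that will hit benign sites, so treat those matches as pivots to be combined with the resolved C2 host or destination reputation rather than as verdicts.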

Targets

    • Target

      b7d6e5993b5f11036d70dcac645fe0709b4b82fe17c80915f714ca95a3ee9b80N

    • Size

      320KB

    • MD5

      c9d82fcb848d899774e59413c6e16de0

    • SHA1

      5f6bd070853a54236298a515fb62c2ece85d6fc5

    • SHA256

      b7d6e5993b5f11036d70dcac645fe0709b4b82fe17c80915f714ca95a3ee9b80

    • SHA512

      4d6f78643dca34a78b4d818fcede9968c83e922fe33d87ea03e5dbb9979b4378abe4abd6347d08ee01fc12010f859241ce708e37ec0ecd3cc7a9c180cd14c818

    • SSDEEP

      6144:BSaNMXokp5cQO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwp:fglpO/+zrWAI5KFum/+zrWAIAqe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
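The signatures above are the sandbox's behavioural verdicts for this sample. As an added example (not the sandbox's detection code and not taken from the report), the Python below correlates a constructed, time-ordered sequence of Sysmon-style events into the same behaviours as they would appear in host telemetry: a file created under System32, that file later started as a process or loaded as a DLL, and a registry value set under an autorun location that Explorer.exe processes at startup. The event IDs follow Sysmon (1 process create, 7 image load, 11 file create, 13 registry value set); the file names, paths and the set of autorun keys are assumptions made for the demo.

```python
"""Added example: correlate constructed Sysmon-style events into the behaviours
the report lists for this sample. Not from the report; all events are made up.
Event IDs follow Sysmon: 1 process create, 7 image load, 11 file create,
13 registry value set."""

SYSTEM32 = r"c:\windows\system32"

# Autorun locations processed by Explorer.exe / the logon sequence. Assumed set
# for the demo, matched as a substring of the lower-cased key path.
AUTORUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows\currentversion\shellserviceobjectdelayload",
)


def _norm(path):
    """Lower-case and normalise separators so paths compare reliably."""
    return path.lower().replace("/", "\\")


def correlate(events):
    """Walk time-ordered events; return (signature, object, related) findings."""
    dropped = {}       # normalised path of a file created under System32 -> creator image
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:  # FileCreate
            target = _norm(ev["TargetFilename"])
            if target.startswith(SYSTEM32 + "\\"):
                dropped[target] = ev["Image"]
                findings.append(("drops_file_in_system32", target, ev["Image"]))
        elif eid == 1:  # ProcessCreate of a file we saw dropped
            image = _norm(ev["Image"])
            if image in dropped:
                findings.append(("executes_dropped_exe", image, ev["ParentImage"]))
        elif eid == 7:  # ImageLoad of a DLL we saw dropped
            loaded = _norm(ev["ImageLoaded"])
            if loaded in dropped and loaded.endswith(".dll"):
                findings.append(("loads_dropped_dll", loaded, ev["Image"]))
        elif eid == 13:  # RegistryEvent (value set) under an autorun location
            key = _norm(ev["TargetObject"])
            if any(k + "\\" in key for k in AUTORUN_KEYS):
                details = _norm(ev["Details"])
                referenced = next((p for p in dropped if p in details), None)
                findings.append(("adds_autorun_key", key, referenced))
    return findings


def signatures(events):
    """Distinct behaviour names triggered, as a sorted list."""
    return sorted({f[0] for f in correlate(events)})


# Constructed events (file names and paths are invented for the demo).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\hlqhtc.exe"},
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\nnqlr.dll"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hlqhtc",
     "Details": r"C:\Windows\System32\hlqhtc.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\hlqhtc.exe",
     "ParentImage": r"C:\Users\alice\Downloads\sample.exe"},
    {"EventID": 7, "Image": r"C:\Windows\System32\hlqhtc.exe",
     "ImageLoaded": r"C:\Windows\System32\nnqlr.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\hlqhtc.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},   # benign: not a dropped file
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\x.tmp"},  # outside System32
]

if __name__ == "__main__":
    for sig, obj, related in correlate(SAMPLE_EVENTS):
        print(f"{sig:24s} {obj}  ({related})")
    print("signatures:", signatures(SAMPLE_EVENTS))
```

Two caveats when turning this into a production rule: legitimate installers also write to System32 and set Run values, so the correlation (drop, then execute or load, then persist) is what carries the signal, not any single event; and persistence via ShellServiceObjectDelayLoad references a CLSID rather than a file path, so the `referenced` lookup will come back empty for that key unless the rule also follows the CLSID's InProcServer32 value.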

MITRE ATT&CK Enterprise v15
