General

  • Target: 6147b7e91f4b562306b2a254fb9a134f765fb5b267b97f84b3582c44399ef9b2N
  • Size: 90KB
  • Sample: 241107-ha51yswqbw
  • MD5: ca65bff213b1f6d2956a04a614a35650
  • SHA1: f1d57d7a16c86705a1bcc8ceb8ec62811b88fb36
  • SHA256: 6147b7e91f4b562306b2a254fb9a134f765fb5b267b97f84b3582c44399ef9b2
  • SHA512: c4febb6d87463e1d4d9362a8ab67e5c6aaabfe83e0cd24b440a274fbcfd4b6a445cbaf10866c9d656c48fcb6dca7046836063627c86930651c0d536bfdd6546e
  • SSDEEP: 1536:k+PWpGHcrSB8gmlJ+z60l7DQ8VGBu/Ub0VkVNK:zP7O+R7jVGBu/Ub0+NK

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm
  • http://f/ppslog.php
  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks