General

  • Target

    839e46308b64dbce54cd17f5c280325ab292d34aa2207aa3b2c133d538179e70N

  • Size

    96KB

  • Sample

    241107-hc2fjsxhkm

  • MD5

    54d126e501337810087dbf012f7bb5d0

  • SHA1

    40c7bb15a8982b2c125a27165a96e8233b2e98bd

  • SHA256

    839e46308b64dbce54cd17f5c280325ab292d34aa2207aa3b2c133d538179e70

  • SHA512

    0209a785b1064a75e3c789603f35ad30a5fad27edd820bbf9a0d5d94229d40406032ea9b069a2ba87838f02bb80eadf05df18d6eb981a116a2b4156adcdfc303

  • SSDEEP

    1536:5Au5ta5amG7UCjxeR4pIjuL/Gp0fAtSUTBrdP2w15dAwSsFFfUN1Avhw6JCMd:5AuXwDG7tj8YL/5gBRP2w1esFFfUrQlZ
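
Before doing anything with a sample pulled from a feed or a share, confirm it is the file this report describes. The following is an added example (not part of the sandbox report or of any analysis tooling) that recomputes the four digests listed above and reports which ones disagree; the digests are copied from the General section, the `digests_of_file` and `compare` helpers are the example's own names, and SSDEEP is deliberately left out because it is a fuzzy hash and needs the non-standard `ssdeep` package rather than an exact comparison.

```python
import hashlib
import sys

# Digests copied verbatim from this report's General section.
REPORT_HASHES = {
    "md5": "54d126e501337810087dbf012f7bb5d0",
    "sha1": "40c7bb15a8982b2c125a27165a96e8233b2e98bd",
    "sha256": "839e46308b64dbce54cd17f5c280325ab292d34aa2207aa3b2c133d538179e70",
    "sha512": "0209a785b1064a75e3c789603f35ad30a5fad27edd820bbf9a0d5d94229d4040"
              "6032ea9b069a2ba87838f02bb80eadf05df18d6eb981a116a2b4156adcdfc303",
}


def digests(data):
    """Lower-case hex digests of an in-memory buffer, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digests_of_file(path, chunk=1 << 20):
    """Same as digests() but streams the file so large samples do not load into RAM."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual, expected=REPORT_HASHES):
    """Return the sorted names of digests that do NOT match the report.

    An empty list means every listed digest agrees. Any mismatch means the
    file on disk is not the sample this report describes (or the report's
    hash block was copied wrongly), so stop and resolve that first.
    """
    return sorted(
        name for name in expected
        if actual.get(name, "").lower() != expected[name].lower()
    )


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    mismatched = compare(digests_of_file(sys.argv[1]))
    print("MATCH" if not mismatched else "MISMATCH: " + ", ".join(mismatched))
```

Comparing all four digests rather than only MD5 or SHA1 costs nothing and removes any argument about collisions on the weaker algorithms; the SHA256 is also the identifier the report itself uses as the target name.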

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
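
The three C2 entries are printf-style templates rather than finished URLs: the host component shown here (`f`) is not a usable indicator, and the `piplog.php` entry carries a nine-field, colon-separated query (`%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d`) that the implant fills in at runtime. The detection below is an added example, not part of this report or of any vendor rule set. It keys on the URL paths only, derives a query-shape regex from the template, and runs it over a handful of constructed proxy log lines; the log format, the client and server addresses, the tag names and the assumption that the two `%s` fields contain no colon are all the example's own.

```python
import re
from urllib.parse import urlsplit

# Query-string shape derived from the config template
#   piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
# Assumptions (not stated by the report): the two %s fields contain no ':',
# %i/%d fields are plain decimal integers (sign allowed), %09u is exactly
# nine digits, and the three %02d fields are exactly two digits each.
PIPLOG_QUERY = re.compile(
    r"^[^:]*:-?\d+:-?\d+:[^:]*:\d{9}:-?\d+:\d{2}:\d{2}:\d{2}$"
)


def classify(url):
    """Tag a single URL if it matches one of the Berbew C2 paths, else None.

    The host is ignored on purpose: the extracted config does not give a
    real one, so the path (and for piplog.php, the query shape) is what we
    can actually match on.
    """
    parts = urlsplit(url)
    if parts.path.endswith("/wcmd.htm"):
        return "berbew-cmd-poll"
    if parts.path.endswith("/ppslog.php"):
        return "berbew-ppslog"
    if parts.path.endswith("/piplog.php"):
        if PIPLOG_QUERY.match(parts.query):
            return "berbew-piplog-beacon"
        return "berbew-piplog-path-only"   # path hit but query does not fit the template
    return None


def scan_log(text):
    """Run classify() over proxy log lines: '<ts> <client> <method> <url> <status>'.

    Returns a list of (client, url, tag) for every line that matched.
    """
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue            # malformed line; skip rather than guess
        _ts, client, _method, url, _status = fields
        tag = classify(url)
        if tag:
            hits.append((client, url, tag))
    return hits


def suspect_hosts(hits, min_distinct_tags=2):
    """Clients that triggered at least two distinct Berbew tags.

    A lone path hit can be noise; a host that both polls wcmd.htm and sends a
    template-shaped piplog beacon is much harder to explain away.
    """
    tags_by_client = {}
    for client, _url, tag in hits:
        tags_by_client.setdefault(client, set()).add(tag)
    return {c for c, tags in tags_by_client.items() if len(tags) >= min_distinct_tags}


# Constructed sample log, not real traffic. 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
2024-11-07T10:00:01Z 10.0.0.15 GET http://192.0.2.10/wcmd.htm 200
2024-11-07T10:00:02Z 10.0.0.15 GET http://192.0.2.10/piplog.php?WS-7X4:1:0:LAB-PC:000123456:2:07:11:24 200
2024-11-07T10:00:03Z 10.0.0.22 GET http://example.com/index.php 200
2024-11-07T10:00:04Z 10.0.0.30 GET http://192.0.2.10/piplog.php?stats=1 404
2024-11-07T10:00:05Z 10.0.0.15 POST http://192.0.2.10/ppslog.php 200
"""

if __name__ == "__main__":
    for client, url, tag in scan_log(SAMPLE_LOG):
        print(f"{tag:28} {client:12} {url}")
    print("suspect hosts:", sorted(suspect_hosts(scan_log(SAMPLE_LOG))))
```

Treat the `berbew-piplog-path-only` tag as a lead rather than a verdict: a genuine Berbew beacon should fit the template shape, while any other application happening to serve a `piplog.php` will not.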

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks