General

  • Target

    fb2ebd6b94d052bf2d57d95012fe2e869ffd6ce7c7ee70dd639cb6750e68df7f

  • Size

    512KB

  • Sample

    241107-hgg8gazngm

  • MD5

    8e606fb228ae9b4a5c1fe963d5a07d8c

  • SHA1

    9d4c4ea710f474be1a8f10ee2e52c079c0fac8cf

  • SHA256

    fb2ebd6b94d052bf2d57d95012fe2e869ffd6ce7c7ee70dd639cb6750e68df7f

  • SHA512

    95718aee1aab3cc5a34b7477c54d120fb5d2b296d109e37c39c0245cf2e8baf292dc26ce14e36bc8a50b772617d1a3097024d4a6585a3b168ebbe7a5ad74b184

  • SSDEEP

    6144:+PuI1iH6/fpe6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTQMJSZO5f7wj7v0:+PRia0kY660fIaDZkY660f8jTK/Xhdz

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks