General

  • Target: fce3bf2c515ee21252d7ae602d781ec8244e117ecef7104dcc40c689258291a9
  • Size: 96KB
  • Sample: 241107-hjqydszpdj
  • MD5: 0d1b5fa26ed88adfc7a319d29a8fbcce
  • SHA1: e708091b2fc23a90af1780ed2f434d775b0a56f6
  • SHA256: fce3bf2c515ee21252d7ae602d781ec8244e117ecef7104dcc40c689258291a9
  • SHA512: 74eb61eff5cb37aacca8aac2e1e523c8f44c9f0a015435352bf37c21f43c814350ee8bdd16cb24583d0b16ed62e3ee7ffc8652c87c89e220231b60982b7a004c
  • SSDEEP: 1536:t8xbc7eMqbEVrTj1oGpDe7b3gifFlxJsOfUEC8qQPkaaAjWbjtKBvU:ti2eMqbyrNVKHvfFlxGOMwfkaVwtCU

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: fce3bf2c515ee21252d7ae602d781ec8244e117ecef7104dcc40c689258291a9
    • Size: 96KB
    • MD5: 0d1b5fa26ed88adfc7a319d29a8fbcce
    • SHA1: e708091b2fc23a90af1780ed2f434d775b0a56f6
    • SHA256: fce3bf2c515ee21252d7ae602d781ec8244e117ecef7104dcc40c689258291a9
    • SHA512: 74eb61eff5cb37aacca8aac2e1e523c8f44c9f0a015435352bf37c21f43c814350ee8bdd16cb24583d0b16ed62e3ee7ffc8652c87c89e220231b60982b7a004c
    • SSDEEP: 1536:t8xbc7eMqbEVrTj1oGpDe7b3gifFlxJsOfUEC8qQPkaaAjWbjtKBvU:ti2eMqbyrNVKHvfFlxGOMwfkaVwtCU

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks