General

  • Target

    89bb5d7bbba1236b798184493cfba61da616e2336a463cf854ff297989dd14bdN

  • Size

    80KB

  • Sample

    241107-hnkl6sxgjb

  • MD5

    44075cb999182502a3d103859449f1b0

  • SHA1

    a36acd65a22b964442e63960d2146fd8225049f0

  • SHA256

    89bb5d7bbba1236b798184493cfba61da616e2336a463cf854ff297989dd14bd

  • SHA512

    2c36f45cc50135d613322ac3d7d8f35b96a2a0c07dc322c6db290459f1ad38efee4a9b7777a0f0744eb7ddcca35b7bbe82873d180deb98f6ff60ac06dca7cc19

  • SSDEEP

    1536:86Ch+HKSqeLpyukk0WyoPSqidbPQb78am3RpkrN2fifDULSRcGJBFeJuqnhCN:86Ch+sew9BqAL0wq4f0GGnFeJLCN

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      89bb5d7bbba1236b798184493cfba61da616e2336a463cf854ff297989dd14bdN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15