General

  • Target

    0280c6ba8fe47e1cdb18e3b1afe6256da472516be146a4389fe49e4a5f6a98a1N

  • Size

    256KB

  • Sample

    241107-hxga4sxgrg

  • MD5

    a5f0db4fac9c398c45c74ee67254ebc0

  • SHA1

    aeab27251028adf2b95a89e82176006ea464f5bd

  • SHA256

    0280c6ba8fe47e1cdb18e3b1afe6256da472516be146a4389fe49e4a5f6a98a1

  • SHA512

    5e554a0c1fc41253acb1958c85b1677b17897af754ddcc871f75f403056e80be29a1f35e3dea03d11d5c194560c5092bebcfb2c0c6a38b8632c5352398b02a1a

  • SSDEEP

    3072:H6qh0+ztVVzzXq0PrDumYFEcCQ1UkY1UkVHe1rUtst76UtoUtFVgtRQ2c+j:HB2Et7zz7PrO1p1PY1PRe19V+j

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0280c6ba8fe47e1cdb18e3b1afe6256da472516be146a4389fe49e4a5f6a98a1N

    • Size

      256KB

    • MD5

      a5f0db4fac9c398c45c74ee67254ebc0

    • SHA1

      aeab27251028adf2b95a89e82176006ea464f5bd

    • SHA256

      0280c6ba8fe47e1cdb18e3b1afe6256da472516be146a4389fe49e4a5f6a98a1

    • SHA512

      5e554a0c1fc41253acb1958c85b1677b17897af754ddcc871f75f403056e80be29a1f35e3dea03d11d5c194560c5092bebcfb2c0c6a38b8632c5352398b02a1a

    • SSDEEP

      3072:H6qh0+ztVVzzXq0PrDumYFEcCQ1UkY1UkVHe1rUtst76UtoUtFVgtRQ2c+j:HB2Et7zz7PrO1p1PY1PRe19V+j

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks