General

  • Target

    ca49d881e20c2a1bbac7c28f71dda210b5cc9beee0fb4a59f8555a0fa49143cfN

  • Size

    464KB

  • Sample

    241107-j1w2eaxqc1

  • MD5

    c93277a3698554580d95d61fdd1eb7d0

  • SHA1

    6d72f0c13368740be1211bb29527effdf5974c84

  • SHA256

    ca49d881e20c2a1bbac7c28f71dda210b5cc9beee0fb4a59f8555a0fa49143cf

  • SHA512

    1cb4f166d373693863f5473bad10c07e950812452b588bb110f11f51cbadb85475cb5456b9b4b81eebe174dfb0a0c17d2a1ab3aa52b2be9a021e186520773080

  • SSDEEP

    12288:hqijENSz9ah2kkkkK4kXkkkkkkkkl888888888888888888nusG:hfLz9ah2kkkkK4kXkkkkkkkkK

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ca49d881e20c2a1bbac7c28f71dda210b5cc9beee0fb4a59f8555a0fa49143cfN

    • Size

      464KB

    • MD5

      c93277a3698554580d95d61fdd1eb7d0

    • SHA1

      6d72f0c13368740be1211bb29527effdf5974c84

    • SHA256

      ca49d881e20c2a1bbac7c28f71dda210b5cc9beee0fb4a59f8555a0fa49143cf

    • SHA512

      1cb4f166d373693863f5473bad10c07e950812452b588bb110f11f51cbadb85475cb5456b9b4b81eebe174dfb0a0c17d2a1ab3aa52b2be9a021e186520773080

    • SSDEEP

      12288:hqijENSz9ah2kkkkK4kXkkkkkkkkl888888888888888888nusG:hfLz9ah2kkkkK4kXkkkkkkkkK

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks