General

  • Target

    6e5edb4f0db4879ff89ec700f8596f969979d5d4a47cabe0b26873af0efdf1daN

  • Size

    302KB

  • Sample

    241107-jws4ys1mfr

  • MD5

    cdaf068be55fb351fddfa62448713bc0

  • SHA1

    0593fbbb302b5ea1e6fad0eea134bbb686a58646

  • SHA256

    6e5edb4f0db4879ff89ec700f8596f969979d5d4a47cabe0b26873af0efdf1da

  • SHA512

    c991752ffea17551488f0ce4486502df939b52756361b98ae939df065c2bc0c36955d11579af5cc3f0cf71d6be101148d43b67bccad2f05a17cf186c07de9776

  • SSDEEP

    6144:u47LBUGO3FF7fPtcsw6UJZqktbOUqCTGepXgbWH:uI63FF7fFcsw6UJZqktbDqCTGepXgbWH

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
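The third C2 entry is not a literal URL but a printf-style format string: the sample fills the %s / %i / %09u / %02d fields at run time before beaconing, so a literal string match on the URL as printed above will never fire on real traffic. The Python below is an added example (not part of the sandbox report, and not code from the sample) that turns each extracted template into an anchored regex over the request path and query and runs it over constructed proxy log lines. Assumptions: the host "f" is ignored, since the real C2 host is whatever appears in traffic; %s fields are taken to contain no ":" (the template's separator) or whitespace; a printf width is treated as a minimum digit count. The log lines are constructed for the example, not taken from the report.

```python
import re
from urllib.parse import urlsplit

# C2 URI templates from the extracted Berbew config. The third is a printf-style
# format string filled in at run time. The host "f" is whatever the extractor
# recovered and is ignored: matching is done on request path + query only.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# One printf conversion: % flags width [.precision] conversion-character
_SPEC = re.compile(r"%[-+ 0#]*(?P<width>\d*)(?:\.\d+)?(?P<conv>[sdiuxX])")


def _fragment(width, conv):
    """Regex fragment accepting what one printf conversion can emit."""
    if conv == "s":
        # ASSUMPTION: string fields carry no ':' (the template's separator) or whitespace.
        return r"[^:\s]*"
    digits = r"[0-9a-fA-F]" if conv in "xX" else r"\d"
    sign = "" if conv in "uxX" else "-?"
    # printf width is a minimum field width, so %09u means "at least 9 digits".
    # (A leading minus sign is accepted in addition to the digits, slightly over-constraining
    # negative zero-padded values; beacon fields are expected to be non-negative.)
    return rf"{sign}{digits}{{{int(width)},}}" if width else rf"{sign}{digits}+"


def _path_query(uri):
    """Reduce a full URL to path[?query]; a bare request-target is returned unchanged."""
    if "://" not in uri:
        return uri
    parts = urlsplit(uri)
    return parts.path + ("?" + parts.query if parts.query else "")


def template_to_regex(template):
    """Compile the path+query of a C2 template into an anchored regex."""
    target = _path_query(template)
    out, pos = [], 0
    for m in _SPEC.finditer(target):
        out.append(re.escape(target[pos:m.start()]))   # literal text between conversions
        out.append(_fragment(m.group("width"), m.group("conv")))
        pos = m.end()
    out.append(re.escape(target[pos:]))
    return re.compile("^" + "".join(out) + "$")


C2_PATTERNS = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def match_uri(uri):
    """Return the C2 template that a request URI instantiates, or None."""
    target = _path_query(uri)
    for template, rx in C2_PATTERNS:
        if rx.match(target):
            return template
    return None


# Constructed Squid-style access log lines for this example (not taken from the report).
SAMPLE_LOG = [
    "1730966400.101 45 10.0.0.5 TCP_MISS/200 512 GET http://198.51.100.7/wcmd.htm - HIER_DIRECT/198.51.100.7 text/html",
    "1730966400.202 38 10.0.0.5 TCP_MISS/200 0 GET http://198.51.100.7/piplog.php?ABCD1234:1:0:WINXP:000123456:5:07:14:09 - HIER_DIRECT/198.51.100.7 text/html",
    "1730966400.303 12 10.0.0.6 TCP_MISS/200 1024 GET http://example.com/ppslog.php/help - HIER_DIRECT/203.0.113.9 text/html",
    "1730966400.404 20 10.0.0.7 TCP_MISS/200 64 GET http://203.0.113.9/piplog.php?x:1:2 - HIER_DIRECT/203.0.113.9 text/html",
    "1730966400.505 31 10.0.0.5 TCP_MISS/200 0 GET http://203.0.113.9/ppslog.php - HIER_DIRECT/203.0.113.9 text/html",
]


def scan_log(lines):
    """Return (line_number, template) for each log line whose URL matches a C2 template."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in line.split():
            if tok.startswith(("http://", "https://")):
                hit = match_uri(tok)
                if hit:
                    hits.append((n, hit))
                break
    return hits


if __name__ == "__main__":
    for n, template in scan_log(SAMPLE_LOG):
        print(f"line {n}: matches {template}")
```

Lines 3 and 4 of the constructed log show why anchoring matters: a path that merely contains "ppslog.php", or a piplog request with the wrong number of fields, is not a hit, while a request that differs from the report only in host and in the field values is.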

Targets

    • Target

      6e5edb4f0db4879ff89ec700f8596f969979d5d4a47cabe0b26873af0efdf1daN

    • Size

      302KB

    • MD5

      cdaf068be55fb351fddfa62448713bc0

    • SHA1

      0593fbbb302b5ea1e6fad0eea134bbb686a58646

    • SHA256

      6e5edb4f0db4879ff89ec700f8596f969979d5d4a47cabe0b26873af0efdf1da

    • SHA512

      c991752ffea17551488f0ce4486502df939b52756361b98ae939df065c2bc0c36955d11579af5cc3f0cf71d6be101148d43b67bccad2f05a17cf186c07de9776

    • SSDEEP

      6144:u47LBUGO3FF7fPtcsw6UJZqktbOUqCTGepXgbWH:uI63FF7fFcsw6UJZqktbDqCTGepXgbWH

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
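The signatures above describe a persistence chain: a file is dropped into System32, registered so that Explorer.exe loads it at startup, and then loaded as a DLL. The report does not name the registry location. The Explorer-loaded autostart most commonly behind this signature, and the one assumed here for Berbew, is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, whose values are CLSIDs that Explorer resolves through HKLM\SOFTWARE\Classes\CLSID\{...}\InprocServer32 to a DLL path. The Python below is an added example (not from the report, not from the sample) that parses a "reg export"-style dump offline, resolves every ShellServiceObjectDelayLoad entry to its DLL, and flags anything outside a known-good baseline or with no InprocServer32 at all. The .reg text, the baseline and the flagged CLSID and DLL names are constructed for the example; the WebCheck entry is the stock Windows value used as the known-good case.

```python
import re

# Explorer.exe instantiates every CLSID listed under ShellServiceObjectDelayLoad at logon
# and loads that CLSID's InprocServer32 DLL. ASSUMPTION: this is the Explorer-loaded autorun
# key the report's signature refers to; the report itself does not name the key.
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
CLSID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"

# Baseline CLSID -> expected DLL (lower-case, %SystemRoot% expanded). Assumed for the
# example; build yours from a known-clean host of the same Windows build.
KNOWN_GOOD = {
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}": r"c:\windows\system32\webcheck.dll",
}

_VALUE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')   # @=data  or  "name"=data


def _unescape(s):
    return s.replace('\\\\', '\\').replace('\\"', '"')      # .reg doubles backslashes and quotes


def _decode_data(raw):
    """Decode one .reg value: quoted string, dword, or hex(N) byte list (UTF-16LE for string types)."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        kind = int(m.group(1) or 3)             # bare "hex:" is REG_BINARY (type 3)
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (1, 2, 7):                   # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    return raw


def parse_reg_export(text):
    """Parse a 'Windows Registry Editor Version 5.00' export into {key.lower(): {value_name: data}}."""
    hives, cur, lines, i = {}, None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].lower()            # key paths are case-insensitive
            hives.setdefault(cur, {})
            continue
        while line.endswith("\\") and i < len(lines):   # hex data continued on the next line
            line = line[:-1] + lines[i].strip()
            i += 1
        m = _VALUE.match(line)
        if m and cur is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(2))
            hives[cur][name] = _decode_data(m.group(3))
    return hives


def audit_ssodl(hives):
    """Flag every ShellServiceObjectDelayLoad entry that does not resolve to its baseline DLL."""
    findings = []
    for name, clsid in hives.get(SSODL_KEY.lower(), {}).items():
        clsid = str(clsid).upper()
        inproc = hives.get((CLSID_ROOT + "\\" + clsid + r"\InprocServer32").lower(), {})
        dll = str(inproc.get("", "")).lower().replace("%systemroot%", r"c:\windows")
        if KNOWN_GOOD.get(clsid) == dll:
            continue
        if not dll:
            reason = "CLSID has no InprocServer32 (dangling or hidden)"
        elif clsid in KNOWN_GOOD:
            reason = "InprocServer32 path changed"
        else:
            reason = "unknown CLSID"
        findings.append({"value": name, "clsid": clsid, "dll": dll, "reason": reason})
    return findings


# Constructed export for the example: the stock WebCheck entry plus two constructed entries
# (a dropped System32 DLL behind a made-up CLSID, and a CLSID with no InprocServer32 key).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"Constructed Sample"="{11111111-2222-3333-4444-555555555555}"
"Dangling"="{99999999-8888-7777-6666-555555555555}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,65,00,62,00,\
  63,00,68,00,65,00,63,00,6b,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\sample_dropped.dll"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    for f in audit_ssodl(parse_reg_export(SAMPLE_REG)):
        print(f"{f['value']!r} -> {f['clsid']} -> {f['dll'] or '<none>'}: {f['reason']}")
```

Run it against "reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" plus an export of the CLSID hive from the suspect host; a DLL under System32 is not by itself suspicious (that is where the legitimate entry lives too), which is why the check keys on the CLSID-to-DLL pairing against a baseline rather than on the directory.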

MITRE ATT&CK Enterprise v15

Tasks