General

  • Target

    fb089ddf4c72aa7111a5690bfc37514b4e8d2f88e0d16f893bdc96358e571a5dN

  • Size

    302KB

  • Sample

    241107-kbss5ayfje

  • MD5

    b0858ed138885bcb0866e5b8d56bb3f0

  • SHA1

    0ac1b3da518cff793ac7ec5d7f25f4e0f2781aae

  • SHA256

    fb089ddf4c72aa7111a5690bfc37514b4e8d2f88e0d16f893bdc96358e571a5d

  • SHA512

    338a7a16a2c502f502645d2fc673c00e6c16def0b76835fba856cfa667989a85ad624836db7ecde6719b5ca61d17586e3160b885ca173b3a7014d2f317b85280

  • SSDEEP

    6144:fuMI8ibucLLeF3FF7fPtcsw6UJZqktbOUqCTGepXgbWH:TIfdL83FF7fFcsw6UJZqktbDqCTGepXD

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
