General

  • Target

    b48cb528dfa9d21c44ff9280f0f6b54a92f6a74d3e2b32c1b362db10df2dbd0bN

  • Size

    370KB

  • Sample

    241107-kdg5eayfle

  • MD5

    fccd449df039d2dc85514c18c32610d0

  • SHA1

    e0ddf07560607a541c42cb97737657d3502a747a

  • SHA256

    b48cb528dfa9d21c44ff9280f0f6b54a92f6a74d3e2b32c1b362db10df2dbd0b

  • SHA512

    c85a1fe9c45a59da681a743a5660f04262444a8b9ef2cfced7d24458f1ea4e920f630b9dec854c0f90d83b4b1b6f7815309df76cc6ecd7bb76bf9acb0a0cf979

  • SSDEEP

    3072:j0Qddlk9X6C71LcSoC8xGfLQPXuz4m1gz7XlveiGW23OHtGFOYdB4HS:jncnL0C8xYQmx147VveiLDG/dBn

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
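The three C2 entries above are given with a single-letter host (f), so anything keyed on the hostname is unreliable; the stable parts are the URL paths and the printf-style layout of the piplog.php query (%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d). The following is an added example, not code from the report or from the sample, that turns those two facts into a proxy-log check: it renders the beacon the way C printf would (assumed, since the config gives only the format string), derives a field-by-field regex from the same format string, and runs it over a few constructed log lines. The log format, the 203.0.113.5 address and the field values are all made up for the example.

```python
import re
from urllib.parse import urlsplit

# C2 paths exactly as listed in the extracted config above.
C2_PATHS = {"/wcmd.htm", "/ppslog.php", "/piplog.php"}

# The piplog.php entry from the config, verbatim. Python's % operator accepts
# the same conversions (%s, %i, %09u, %02d) as C printf, so it renders the
# beacon the way the sample would (assumption: the sample uses printf semantics).
PIPLOG_FMT = "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"

# The same format string translated conversion by conversion into a regex.
# %i may be negative; %09u is zero-padded to at least nine digits; %02d to
# at least two. The %s fields are assumed not to contain ':' (the separator).
PIPLOG_QUERY_RE = re.compile(
    r"^[^:]*"       # %s
    r":-?\d+"       # %i
    r":-?\d+"       # %i
    r":[^:]*"       # %s
    r":\d{9,}"      # %09u
    r":-?\d+"       # %i
    r":\d{2,}"      # %02d
    r":\d{2,}"      # %02d
    r":\d{2,}$"     # %02d
)


def render_beacon(host, fields):
    """Render the piplog.php beacon for a given host and the nine format fields.

    The config's host is the literal 'f'; it is swapped for the host the
    analyst wants to simulate (the real C2 host is not in the extracted config).
    """
    return (PIPLOG_FMT % fields).replace("http://f/", "http://%s/" % host, 1)


def classify_url(url):
    """Return the matched C2 path, or None if the URL is not Berbew-shaped.

    /wcmd.htm and /ppslog.php match on path alone; /piplog.php additionally
    requires the beacon's field layout in the query, which keeps an unrelated
    page that happens to be called piplog.php from firing.
    """
    parts = urlsplit(url)
    if parts.path not in C2_PATHS:
        return None
    if parts.path == "/piplog.php":
        return "/piplog.php" if PIPLOG_QUERY_RE.match(parts.query) else None
    return parts.path


def scan_proxy_log(lines):
    """Return (source_ip, url, matched_path) for each hit in simplified proxy log lines.

    Constructed line format for this example: "<src_ip> <method> <url> <status>".
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # not a well-formed line; skip rather than crash on it
        src_ip, url = fields[0], fields[2]
        matched = classify_url(url)
        if matched is not None:
            hits.append((src_ip, url, matched))
    return hits


# Constructed sample log (not real traffic). Line 2 is a beacon rendered from
# the config's own format string; line 3 is a decoy with the same path but no
# beacon layout; line 4 is benign.
PROXY_LOG = [
    "10.0.0.12 GET http://203.0.113.5/wcmd.htm 200",
    "10.0.0.12 GET " + render_beacon("203.0.113.5",
                                    ("WIN-TEST", 1, 2, "Admin", 123456, 3, 12, 5, 9)) + " 200",
    "10.0.0.34 GET http://203.0.113.5/piplog.php?search=foo 200",
    "10.0.0.34 GET http://example.org/index.html 200",
    "10.0.0.56 POST http://203.0.113.5/ppslog.php 200",
]

if __name__ == "__main__":
    for src_ip, url, matched in scan_proxy_log(PROXY_LOG):
        print("%s -> %s (%s)" % (src_ip, url, matched))
```

The regex is deliberately built from the same string the sandbox extracted, so when the config changes in a later build the detection can be regenerated from it; the /piplog.php-plus-layout rule is what keeps the check from firing on every site that happens to serve a file with that name.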

Targets

    • Target

      b48cb528dfa9d21c44ff9280f0f6b54a92f6a74d3e2b32c1b362db10df2dbd0bN


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks