General

  • Target

    7bf5195c2db8d86397a626a8b70e6f2665910df4f04a50b9b33c7bd087ab2e51N

  • Size

    128KB

  • Sample

    241107-khfr5syfre

  • MD5

    2e098ef18f5195fa9045016b24b84680

  • SHA1

    1cefff4b92005be65dee2d60e0002cd0682b24e6

  • SHA256

    7bf5195c2db8d86397a626a8b70e6f2665910df4f04a50b9b33c7bd087ab2e51

  • SHA512

    f90f186a7c2ceb90ed8f4185dd9aa1e273ba8332163a33e8e3c4d2e03346a3dde1721af50b72e5102daf49d2c2c1faf0b9cb9d9dffa1c5ebb5181b7e88c0df97

  • SSDEEP

    3072:YFBj8xtDcGWucwNAIzVmXwmW2wS7IrHrYj:YFmqGWwpYAmHwMOHm

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7bf5195c2db8d86397a626a8b70e6f2665910df4f04a50b9b33c7bd087ab2e51N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks