General

  • Target: 79462e0f9684bbcf3681d91cf900154c6bc75c032d103f7e6dcb8cea2030d9f6N
  • Size: 80KB
  • Sample: 241107-kjtemaygka
  • MD5: 5fa450154fef7c87965c1cba26b5b0e0
  • SHA1: 29c811ec34f49107c28bdd0c8dc7cba77ee27b9b
  • SHA256: 79462e0f9684bbcf3681d91cf900154c6bc75c032d103f7e6dcb8cea2030d9f6
  • SHA512: 2082d700e6e0c18cf0a6b1dba299d5a498705d69d0541c819e69e29e35e77be9cd330676877b6c0d44b19003c5fb09062fdacd680b2f3a9f61588d5113529e36
  • SSDEEP: 1536:Pg9JbV3TSIFa3O0AAvtgD5Zl3TLMZ7b7gg4zbbuaNNhYFeJuqnhCN:PyZV+gaekvtglZl3PKkpzbnNhYFeJLCN

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks