General

  • Target: fc999d8fb581d4025fb309104b99b135a3366bf87309034a5f42973c4510387eN

  • Size: 96KB

  • Sample: 241109-g2x9razarq

  • MD5: 1a0dde29bc84a182b37f42b420cb9cc0

  • SHA1: 0813b6fdaee70d17a8a439d935255f21dd0c56a0

  • SHA256: fc999d8fb581d4025fb309104b99b135a3366bf87309034a5f42973c4510387e

  • SHA512: d5d1a397b6ea00cb8632970fa949a4c6d1fd503c093eae46ef5bce988621fe33d79b2db2778820478fefae38214395bd55d875fc37952bb2893a5697bef5d503

  • SSDEEP: 1536:0qFFNT1t8iZsMQyN+W5LjD51m9pkeT2Is9f9TZhPjXs/e8duV9jojTIvjrH:0qzNjpN+WNdU9eeTfs9VTT0e8d69jc0X

Malware Config

Extracted

Family: berbew

C2:

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
