General

  • Target

    f2de25d713a231ff90a407caeeb3eb530adb50fe65025b6fc80a4ff7a928ae27N

  • Size

    112KB

  • Sample

    241109-g4algazbkf

  • MD5

    fa5ed62ababba6ef830cc8def6f5d650

  • SHA1

    ce1c2f7b1700e68b8c3311c59ec0b7b7076e97bb

  • SHA256

    f2de25d713a231ff90a407caeeb3eb530adb50fe65025b6fc80a4ff7a928ae27

  • SHA512

    3c01edd91681c4c8063564b0523127f0daa3b749fc2ad4f059dad6027f237f1464fba91cf4367318147f956e78128268aa136e1d6e629858644c08a043864e2d

  • SSDEEP

    3072:XnJwxLTolCHRF3tpX+ef2cFeJLCQnFIBOaCUjKaVLjd:ZwxPTRF3/uef2cFeJLbnCBbC+nVLjd

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f2de25d713a231ff90a407caeeb3eb530adb50fe65025b6fc80a4ff7a928ae27N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
