General

  • Target

    9f8bcf42f3917c063def291e0c8e1036cd68bfc1c35a26129ae2d5409bafa048N

  • Size

    243KB

  • Sample

    241109-g57mlasldk

  • MD5

    ab2e40d77babf93e91b5d06718792dd0

  • SHA1

    f1b8937acf6d89e668a550e243b488549b87d1ec

  • SHA256

    9f8bcf42f3917c063def291e0c8e1036cd68bfc1c35a26129ae2d5409bafa048

  • SHA512

    e37385982facc238569b1c08f1e9a6e779e45e7c1f00f260955537e61ec9ff7c8051924b891452c4bc875bdb1284d81705b5f3fb55f3340a71cca1305eb9fc69

  • SSDEEP

    6144:jtZVnN0v/rxzUNaDJvZUvxrQBZg3kFz2so48J:jtZ87hUNaVvZhBZvz2V48J

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9f8bcf42f3917c063def291e0c8e1036cd68bfc1c35a26129ae2d5409bafa048N

    • Size

      243KB

    • MD5

      ab2e40d77babf93e91b5d06718792dd0

    • SHA1

      f1b8937acf6d89e668a550e243b488549b87d1ec

    • SHA256

      9f8bcf42f3917c063def291e0c8e1036cd68bfc1c35a26129ae2d5409bafa048

    • SHA512

      e37385982facc238569b1c08f1e9a6e779e45e7c1f00f260955537e61ec9ff7c8051924b891452c4bc875bdb1284d81705b5f3fb55f3340a71cca1305eb9fc69

    • SSDEEP

      6144:jtZVnN0v/rxzUNaDJvZUvxrQBZg3kFz2so48J:jtZ87hUNaVvZhBZvz2V48J

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks