General

  • Target

    48a54095e11fdc4d698292d3ade93ec347ceff0e41b9f662fe91d8806c089865N

  • Size

    556KB

  • Sample

    241109-g911lszckr

  • MD5

    b5f9fa5706661bdc0c06d454d40dc1e0

  • SHA1

    b9e748ab3de544554771c1403631e45b7c99dcda

  • SHA256

    48a54095e11fdc4d698292d3ade93ec347ceff0e41b9f662fe91d8806c089865

  • SHA512

    93670986b85ac50cb89bba9bff0de76bc6f91d47ce48a681b79d559a8fd4144a138aa2df2079537babbe2c09512d6cc2f1b118431247108e8eea73c4ca59facc

  • SSDEEP

    12288:r8jF97aOlxzr3cOK3TajRfXFMKNxr9Z7tEGVqT4Df:r8jL7aOlxzLyTajRfXFMKNxr9Z7tEGVJ

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      48a54095e11fdc4d698292d3ade93ec347ceff0e41b9f662fe91d8806c089865N

    • Size

      556KB

    • MD5

      b5f9fa5706661bdc0c06d454d40dc1e0

    • SHA1

      b9e748ab3de544554771c1403631e45b7c99dcda

    • SHA256

      48a54095e11fdc4d698292d3ade93ec347ceff0e41b9f662fe91d8806c089865

    • SHA512

      93670986b85ac50cb89bba9bff0de76bc6f91d47ce48a681b79d559a8fd4144a138aa2df2079537babbe2c09512d6cc2f1b118431247108e8eea73c4ca59facc

    • SSDEEP

      12288:r8jF97aOlxzr3cOK3TajRfXFMKNxr9Z7tEGVqT4Df:r8jL7aOlxzLyTajRfXFMKNxr9Z7tEGVJ

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks