General

  • Target

    7e2a6985cfefa959c8daee271d02a518d0037e730c108fcea89d77da6d28d0e6N

  • Size

    109KB

  • Sample

    241109-ga8w6sxrcw

  • MD5

    72734e7cab8758e3444d23a92bdc8cf0

  • SHA1

    7a008f5f4bad54cac50abe8b5b6f2ea0cfa74ca2

  • SHA256

    7e2a6985cfefa959c8daee271d02a518d0037e730c108fcea89d77da6d28d0e6

  • SHA512

    f0786be27293b6e0672911245b4c2a8010ec4eb0267cf5045cce8f6f5542bb023ddf13989f7e41d6996f96edde94a9c04527bc9f1137ce4227189574a546ae1f

  • SSDEEP

    3072:ifdyq2XuAhghZ6zJ9ILCqwzBu1DjHLMVDqqkSpR:Kdb2XRJ9Iwtu1DjrFqhz

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15