General

  • Target: ecb03a7ccc7d8f532ef8aa39a9e35e320018f9f967d8fb42c6b5977ace076684N
  • Size: 92KB
  • Sample: 241109-hbhl2sync1
  • MD5: 6426c3b499fc8fbab36df7fa3fc3da80
  • SHA1: 4770fc6725b4a2c3e7429a6308b6ddcb419e3208
  • SHA256: ecb03a7ccc7d8f532ef8aa39a9e35e320018f9f967d8fb42c6b5977ace076684
  • SHA512: adb5bd76b7184b1feaad441c65b0884e366edc7cffecc404474dd3e7d58f08b3d593aa2f7f9cb30a6eeb6d080929c3dc40227a3fa33c62c61412ff1ab2ee9833
  • SSDEEP: 1536:FiZ0x14ll6p8dM2lR22HoM8py0ecBazSuY6/KOfgnKQrUoR24HsUs:F5x14vC2Vofpytx/K26THsR

Malware Config

Extracted

  • Family: berbew
  • C2:
      • http://f/wcmd.htm
      • http://f/ppslog.php
      • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
