General

  • Target: cf3816cb2b1008bd539ce52b36ca3e821cf192b720a73c528d0b5e211b9f3d3dN

  • Size: 90KB

  • Sample: 241109-hltgasyqas

  • MD5: fe05d42a12248190d778bc398b4e2bf0

  • SHA1: 4fc30699c4bc351d6bd216d20326f368a77d5519

  • SHA256: cf3816cb2b1008bd539ce52b36ca3e821cf192b720a73c528d0b5e211b9f3d3d

  • SHA512: e05132dbdf0cacaeea0d8e525ddeadb4b79e292e25210eedf8951090c5856028923a75a6d550f682fd29f94bd1aa0b9f756c7ac0ebac665de88844ab37777184

  • SSDEEP: 1536:uYtUQ8WDDXNIhI6PzGCsgrtUZ7oiRkDbL7K5x/GUu/Ub0VkVNK:uYtU6XNCFzGVS3bqr/GUu/Ub0+NK

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm

  • http://f/ppslog.php

  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks