General

  • Target

    00a5f405098ea2593a15389115583f4150ca7f9f5876acdb9f9746de4007f111N

  • Size

    128KB

  • Sample

    241109-km338szrbt

  • MD5

    8512d61dbe9ff70fd6d9956a090938e0

  • SHA1

    74ad6fda72b587034aad248659f7b44085f6fecf

  • SHA256

    00a5f405098ea2593a15389115583f4150ca7f9f5876acdb9f9746de4007f111

  • SHA512

    596ccc8f0c3ac2582e5743817414c1a091d4d9193ee93c9816308e5d4ba215a74eff17b11b50dbc8910710d9977c1bfe611f7b0698519a364d71b9e4a546fb08

  • SSDEEP

    1536:Q2bokWIYV3/qK4vbzOt/tI7Z0fmJccrjf8t4p/IqhXM0ZcWiqgF72S7f/QuMXi1/:AtZAXFrjUtg/IQXdmW2wS7IrHrYj

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks