General

  • Target

    86598dd5772394d3f5ee30ef1b3a2810db45fba962b67891f31c957af94989d3N

  • Size

    74KB

  • Sample

    241109-lc3kdssbkm

  • MD5

    dbd2253122b8dd9b6dd7feb95584add0

  • SHA1

    ace4230038ff75adf4ac5caf01f8345a08f4374c

  • SHA256

    86598dd5772394d3f5ee30ef1b3a2810db45fba962b67891f31c957af94989d3

  • SHA512

    3997f573001e79f274ff8b10fda06a9a8781765e6dcece82e650f2d611bd053383fad2deb552fe5570ca388508ea02f942fb688800be33e6b7ec1cd35a12ab88

  • SSDEEP

    1536:cPsq3nDvBZkGtiRzOFAf1lU9seK4U9gyT6aaCJYSn+yyZ1OAk:chM1loK4pyTxYSn+yw4Ak

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
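The three C2 URLs above are taken verbatim from the extracted config; the third is a printf-style template that the implant fills in at runtime (the `%s`, `%i`, `%09u` and `%02d` fields are separated by `:`). The host part `f` looks like a placeholder or truncated value from the config extractor rather than a resolvable name, so a detection should key on the path and query shape rather than the host; that reading of `f` is an assumption. The following Python is an added example, not code from the report or the sandbox: it compiles each template into an anchored regex and runs it over constructed proxy log lines in an assumed `timestamp client method url status` layout.

```python
import re
from typing import List, Optional, Tuple

# C2 URL templates as extracted from the sample (printf-style placeholders are
# filled in by the implant at runtime).
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_CONV_RE = re.compile(r"%(\d*)([sdiu])")
_URL_RE = re.compile(r"^(https?)://([^/]+)/(.*)$")


def printf_to_regex(template: str, any_host: bool = True) -> "re.Pattern[str]":
    """Compile a printf-style URL template into an anchored regex.

    %s         -> a run of characters that are not ':' (the template's field
                  separator), '&' or whitespace
    %d %i %u   -> an integer; a width such as %09u or %02d is treated as a
                  minimum digit count (zero padding never shortens a value)
    Everything else is matched literally. With any_host=True the host from the
    config ('f' here, assumed to be a placeholder) is replaced by a wildcard.
    """
    m = _URL_RE.match(template)
    if not m:
        raise ValueError(f"not an http(s) URL template: {template!r}")
    scheme, host, rest = m.groups()

    parts: List[str] = []
    pos = 0
    for conv in _CONV_RE.finditer(rest):
        parts.append(re.escape(rest[pos:conv.start()]))
        width, kind = conv.groups()
        if kind == "s":
            parts.append(r"[^:&\s]*")
        elif width:
            parts.append(r"-?\d{%d,}" % int(width))
        else:
            parts.append(r"-?\d+")
        pos = conv.end()
    parts.append(re.escape(rest[pos:]))

    host_re = r"[^/\s]+" if any_host else re.escape(host)
    return re.compile(r"^%s://%s/%s$" % (re.escape(scheme), host_re, "".join(parts)))


C2_PATTERNS = [(t, printf_to_regex(t)) for t in C2_TEMPLATES]


def match_c2_url(url: str) -> Optional[str]:
    """Return the C2 template a URL matches, or None if it matches none."""
    for template, pattern in C2_PATTERNS:
        if pattern.match(url):
            return template
    return None


def find_beacons(log_lines: List[str]) -> List[Tuple[int, str, str]]:
    """Scan proxy log lines for URLs that fit a Berbew C2 template.

    Returns (line number, URL, matched template) triples. The URL is taken as
    the first http(s):// token on the line, which suits the assumed
    'timestamp client method url status' proxy layout.
    """
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(log_lines, 1):
        url_m = re.search(r"https?://\S+", line)
        if not url_m:
            continue
        template = match_c2_url(url_m.group(0))
        if template:
            hits.append((n, url_m.group(0), template))
    return hits


# Constructed sample proxy log lines (not taken from the report) for a dry run.
SAMPLE_LOG = [
    "2024-11-09T10:01:02Z 10.0.0.5 GET http://c2.example.invalid/wcmd.htm 200",
    "2024-11-09T10:01:03Z 10.0.0.5 POST http://c2.example.invalid/ppslog.php 200",
    "2024-11-09T10:01:04Z 10.0.0.5 GET http://c2.example.invalid/piplog.php?WIN-HOST:1:2:user:000012345:7:24:11:09 200",
    "2024-11-09T10:01:05Z 10.0.0.6 GET http://www.example.invalid/piplog.php?notes 200",
    "2024-11-09T10:01:06Z 10.0.0.6 GET http://www.example.invalid/index.html 200",
]

if __name__ == "__main__":
    for n, url, template in find_beacons(SAMPLE_LOG):
        print(f"line {n}: {url} matches {template}")
```

The anchored `^...$` match and the minimum-width rule for `%09u` keep the `piplog.php` pattern from firing on unrelated requests that merely share the script name; pass `any_host=False` if a later run recovers the real C2 host and you want to pin it.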

Targets

    • Target

      86598dd5772394d3f5ee30ef1b3a2810db45fba962b67891f31c957af94989d3N

    • Size

      74KB

    • MD5

      dbd2253122b8dd9b6dd7feb95584add0

    • SHA1

      ace4230038ff75adf4ac5caf01f8345a08f4374c

    • SHA256

      86598dd5772394d3f5ee30ef1b3a2810db45fba962b67891f31c957af94989d3

    • SHA512

      3997f573001e79f274ff8b10fda06a9a8781765e6dcece82e650f2d611bd053383fad2deb552fe5570ca388508ea02f942fb688800be33e6b7ec1cd35a12ab88

    • SSDEEP

      1536:cPsq3nDvBZkGtiRzOFAf1lU9seK4U9gyT6aaCJYSn+yyZ1OAk:chM1loK4pyTxYSn+yw4Ak

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++. In this run it drops and executes an EXE, loads a dropped DLL, writes a file into the System32 directory, adds an autorun key that Explorer.exe loads at startup, and reports to the extracted HTTP C2 URLs.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks