General

  • Target

    cf41f1866fa0b295b7adad8ee376bf46cf9415c6552ac0e3e0f378ea679dfb9cN

  • Size

    243KB

  • Sample

    241109-lcgb6asbkc

  • MD5

    eb244841e63d38a18b2ad80908037930

  • SHA1

    aef8a718f027bdacc5d8dcfd041f1952c3d06abd

  • SHA256

    cf41f1866fa0b295b7adad8ee376bf46cf9415c6552ac0e3e0f378ea679dfb9c

  • SHA512

    e96ed07155575a1123fc9d7333ee3b014292a4c6048adf9ab669ceb97a5481d942aad9732524f53a26e5dc99d2aed6a027147d044d013399b06adca704873920

  • SSDEEP

    6144:20gBLhQhCiJKNDzkrxzUNaDJvZUvxrQBZg3kFz2so48J:20OLShRJKkhUNaVvZhBZvz2V48J

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
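The third C2 entry is a printf-style template rather than a fixed URL: the sample fills the %s/%i/%09u/%02d fields in at runtime, so a proxy-log search for the literal string will never match. Below is an added example (not part of the report or of the sandbox's own tooling) that turns the three extracted templates into anchored regexes and runs them over constructed proxy log lines. It assumes the "f" host shown by the extractor is a placeholder and accepts any host, that a %s field never contains ':' (the delimiter in the template), and that a printf width is a minimum width.

```python
import re

# The three beacon URL templates extracted from the sample's config (copied from
# the report). The extractor shows the host as "f"; it is treated as a placeholder
# here and the generated regex accepts any host.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion specifier: optional width, then one of s/i/d/u.
_SPEC = re.compile(r"%(\d*)([sidu])")


def template_to_regex(template: str) -> re.Pattern:
    """Turn a printf-style beacon template into an anchored URL regex.

    Assumptions: the host is a placeholder; a %s field never contains ':'
    (':' is the field delimiter in the template); a printf width is a
    minimum width, so %09u means "at least 9 digits".
    """
    path = template.split("/", 3)[3]            # drop scheme and host
    out = [r"^https?://[^/\s]+/"]
    pos = 0
    for m in _SPEC.finditer(path):
        out.append(re.escape(path[pos:m.start()]))   # literal text between fields
        width, conv = m.groups()
        if conv == "s":
            out.append(r"[^:&\s/?]+")
        else:
            min_w = int(width) if width else 1
            sign = "" if conv == "u" else "-?"      # %i/%d may be negative
            out.append(rf"{sign}\d{{{min_w},}}")
        pos = m.end()
    out.append(re.escape(path[pos:]))
    return re.compile("".join(out) + "$")


# Constructed proxy log lines (not from the report): epoch, client, method, URL, status.
# Line 1 is a well-formed piplog beacon, line 5 is a near miss (%09u field too short).
SAMPLE_PROXY_LOG = """\
1731150001 10.0.0.12 GET http://203.0.113.5/piplog.php?WIN-ABC123:1:0:admin:000123456:7:09:41:03 200
1731150002 10.0.0.12 GET http://203.0.113.5/wcmd.htm 200
1731150003 10.0.0.17 GET http://www.example.com/index.php?id=5 200
1731150004 10.0.0.12 GET http://203.0.113.5/ppslog.php 200
1731150005 10.0.0.19 GET http://203.0.113.9/piplog.php?host:1:1:u:1:2:03:04:05 404
"""


def find_beacons(log_text: str) -> list[tuple[str, str]]:
    """Return (client, url) for every request whose URL matches a C2 template."""
    patterns = [template_to_regex(t) for t in C2_TEMPLATES]
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        if any(p.match(url) for p in patterns):
            hits.append((client, url))
    return hits


if __name__ == "__main__":
    for client, url in find_beacons(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url}")
```

The two fixed paths (wcmd.htm, ppslog.php) are short and generic, so on their own they will produce false positives on a busy proxy; the nine-field piplog.php pattern is the strong indicator, and a hit on it from a client that also requests the other two paths is worth triaging first.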

Targets

    • Target

      cf41f1866fa0b295b7adad8ee376bf46cf9415c6552ac0e3e0f378ea679dfb9cN

    • Size

      243KB

    • MD5

      eb244841e63d38a18b2ad80908037930

    • SHA1

      aef8a718f027bdacc5d8dcfd041f1952c3d06abd

    • SHA256

      cf41f1866fa0b295b7adad8ee376bf46cf9415c6552ac0e3e0f378ea679dfb9c

    • SHA512

      e96ed07155575a1123fc9d7333ee3b014292a4c6048adf9ab669ceb97a5481d942aad9732524f53a26e5dc99d2aed6a027147d044d013399b06adca704873920

    • SSDEEP

      6144:20gBLhQhCiJKNDzkrxzUNaDJvZUvxrQBZg3kFz2so48J:20OLShRJKkhUNaVvZhBZvz2V48J

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks