General

  • Target

    ff00a3dbfe28e3d094bdd4bff6d018cb359f89f6c1252a3b50acc503328903f2N

  • Size

    74KB

  • Sample

    241109-m895satbqe

  • MD5

    56b723391250b12fa4c14f2f39693ba0

  • SHA1

    431fe5de7fc6c8e1c8e2cea7c5b9006bd5a0ce03

  • SHA256

    ff00a3dbfe28e3d094bdd4bff6d018cb359f89f6c1252a3b50acc503328903f2

  • SHA512

    f5453a2d001aa13cb2a491ffd61ba1bfe76c0cc6ff59ba55ea8098852508fe938c9e242725ffb51d3584a501d6ff08b2b1e38bd9ebcb94a970c12485a09076ed

  • SSDEEP

    1536:0owFB4gBmA1HRQ1jRBH48o35PofvwNikIBA:CyAn8o3xoAwkIBA

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
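
The three C2 entries above are what the config extractor recovered, and two things about them matter for detection: the host is the single character `f`, which is unlikely to be the real C2 host, and the `piplog.php` entry is a printf-style template (`%s`, `%i`, `%09u`, `%02d`) rather than a literal URL. The following Python is an added example for this report, not tooling from the sandbox or code recovered from the sample. It converts each template into a regex that matches on request path and query only (the host is dropped on purpose), turns each printf conversion into a capture group so the beacon fields can be pulled out of a matching request, and runs the result over a few constructed proxy log lines. The log format, client addresses and beacon field values are constructed for the example; the field meanings are not documented on this page, so they are reported positionally. Requires Python 3.7 or later, where `re.escape` leaves `%` and `:` untouched.

```python
"""Detection helper built from the C2 entries in the Malware Config above.

Added example for this report, not sandbox tooling or code from the sample.
The extracted host 'f' is ignored; matching is on path and query. The
piplog.php entry is a printf-style template, so each conversion becomes a
capture group. The proxy log at the bottom is constructed.
"""
import re
from urllib.parse import urlsplit

# The three C2 entries exactly as the report lists them.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_SPEC = re.compile(r"%(\d*)([sidu])")   # printf conversion with optional width


def _spec_to_group(m) -> str:
    """Regex capture group for one printf conversion."""
    width, conv = m.group(1), m.group(2)
    if conv == "s":
        return r"([^:&\s]*)"            # string field, up to the ':' separator
    lo = int(width) if width else 1     # %09u / %02d pad to at least that width
    sign = "" if conv == "u" else "-?"
    return r"(%s\d{%d,})" % (sign, lo)


def _path_query(url: str) -> str:
    """'/piplog.php?a:b' from a full URL or a bare request path."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def template_to_regex(template: str):
    """Escape the literal parts of a C2 template, then swap each printf
    conversion for a capture group. The host part is dropped on purpose."""
    escaped = re.escape(_path_query(template))
    return re.compile(_SPEC.sub(_spec_to_group, escaped))


# Constructed proxy log: "<time> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2024-11-09T10:15:01Z 10.0.0.17 GET http://203.0.113.9/wcmd.htm 200
2024-11-09T10:15:02Z 10.0.0.17 GET http://203.0.113.9/piplog.php?WIN-7ABCD:1:0:Administrator:000012345:2:10:15:02 200
2024-11-09T10:15:03Z 10.0.0.23 GET http://example.com/index.htm 200
2024-11-09T10:15:04Z 10.0.0.17 POST http://203.0.113.9/ppslog.php 200
"""


def scan_proxy_log(text: str) -> list:
    """Return one hit per log line whose path+query matches a C2 template."""
    compiled = [(t, template_to_regex(t)) for t in C2_TEMPLATES]
    hits = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4:
            continue
        when, client, _method, url = cols[:4]
        target = _path_query(url)
        for template, rx in compiled:
            m = rx.fullmatch(target)
            if m:
                hits.append({
                    "time": when,
                    "client": client,
                    "host": urlsplit(url).hostname,   # the observed host, not 'f'
                    "template": template,
                    "fields": list(m.groups()),       # beacon fields, in template order
                })
                break
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on path and query rather than the literal `http://f/...` strings is the point: a rule built on the extracted host would never fire, while the `wcmd.htm`, `ppslog.php` and colon-separated `piplog.php` query shapes survive whatever host the sample actually resolves at runtime. Widen the `%s` group if the beacon fields in your own traffic contain characters other than the `:`-separated tokens assumed here.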

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
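
The signatures above say the sample registers something Explorer.exe loads at startup, executes a dropped EXE, loads a dropped DLL and writes into System32, but the report does not print the registry path. The key that usually sits behind the "loaded by Explorer.exe on startup" signature is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad (SSODL), whose values are CLSIDs that Explorer instantiates at logon, each resolved through HKCR\CLSID\{clsid}\InProcServer32 to a DLL. The Python below is an added example for this report, not sandbox output or code from the sample; treating SSODL as the key this sample used is an assumption. It parses a constructed `reg export` text (the shape the tool produces once decoded from UTF-16), resolves every SSODL CLSID to its DLL, and flags anything not in a baseline captured from a clean host. The WebCheck entry is the stock one; the second entry, its CLSID and its DLL name are placeholders.

```python
r"""Host-side hunt for the Explorer-loaded autorun the signatures describe.

Added example for this report, not sandbox output or code from the sample.
Assumes the autorun key is ShellServiceObjectDelayLoad (SSODL); the .reg
text, the second CLSID and its DLL name are constructed placeholders.
"""
import re

SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
             r"\CurrentVersion\ShellServiceObjectDelayLoad")

# CLSIDs present under SSODL on a clean host. WebCheck is the stock entry;
# rebuild this set from your own gold image rather than trusting it.
BASELINE_CLSIDS = {"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"}

# Constructed reg export (two keys merged into one file for the example).
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"Example Logger"="{11111111-2222-3333-4444-555555555555}"

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
@="C:\\Windows\\System32\\webcheck.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32]
@="C:\\Windows\\System32\\example32.dll"
"ThreadingModel"="Apartment"
"""

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(?:"((?:[^"\\]|\\.)*)"|(.+))$')


def _unescape(s: str) -> str:
    """Undo the .reg escaping of quotes and backslashes in REG_SZ data."""
    return s.replace(r'\"', '"').replace("\\\\", "\\")


def parse_reg(text: str) -> dict:
    """Parse a .reg export into {key_path_lower: {value_name: data}}.
    String values are unescaped; other value types are kept as raw text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1).lower()      # key paths are case-insensitive
            keys.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) is None else _unescape(m.group(1))
            data = _unescape(m.group(2)) if m.group(2) is not None else m.group(3)
            keys[current][name] = data
    return keys


def ssodl_entries(reg: dict) -> list:
    """Resolve every SSODL value to the DLL Explorer would load for it."""
    entries = []
    for name, clsid in reg.get(SSODL_KEY.lower(), {}).items():
        inproc_key = (r"HKEY_CLASSES_ROOT\CLSID\%s\InProcServer32" % clsid).lower()
        dll = reg.get(inproc_key, {}).get("@")
        entries.append({
            "name": name,
            "clsid": clsid.upper(),
            "dll": dll,
            # Ties in the "Drops file in System32 directory" signature.
            "in_system32": bool(dll) and dll.lower().startswith("c:\\windows\\system32\\"),
        })
    return entries


def suspicious_entries(entries: list, baseline=BASELINE_CLSIDS) -> list:
    """Anything Explorer will load at logon that is not in the baseline."""
    return [e for e in entries if e["clsid"] not in baseline]


if __name__ == "__main__":
    for entry in suspicious_entries(ssodl_entries(parse_reg(REG_EXPORT))):
        print(entry)
```

Run it against `reg export` output from the SSODL key and from HKCR\CLSID on a suspect host (decode the files from UTF-16 first). A baseline-diff is used instead of a DLL-name allowlist because a freshly dropped DLL in System32 with a plausible name would pass a name check while still being a CLSID no clean image registers there.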

MITRE ATT&CK Enterprise v15

Tasks