General

  • Target

    0b05ae8e5941c6fb9ff98955d6a95863656eaf66187fe07ca94ca17326f2bdf9N

  • Size

    370KB

  • Sample

    241109-m8gs8swlhj

  • MD5

    cefc6aa7307ef336dd7320972686db40

  • SHA1

    439065d5c399f561a4a20c9b52e1b959589104aa

  • SHA256

    0b05ae8e5941c6fb9ff98955d6a95863656eaf66187fe07ca94ca17326f2bdf9

  • SHA512

    e059652f9e69854f856429fa8355fa9a3a3b11fc7e3b751d116b1059e99d776b7efcbbb4d942c2f4b2e16a98460644fbe16b2e403d5ad19c79e2139a8c832715

  • SSDEEP

    6144:L7pnMeNAOA11d1p1d1d1B1B1B1ijFYQmx147VveiLDG/dBn:L7pnMeNy11d1p1d1d1B1B1B1il7lVDcb
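The hashes above are the indicators a responder would pivot on. The following helper, added here as an example and not part of the sandbox report, validates an indicator record like this one (hex length per algorithm, so a truncated copy is caught) and hashes a candidate file once with all four algorithms in a single streaming pass before comparing. The sample bytes in the self-test are constructed and are not the Berbew sample; SSDEEP is omitted because fuzzy hashing needs the external `ssdeep` library rather than the standard library.

```python
import hashlib
from typing import Dict, Iterable, List

# Indicator record copied from the report's "General" section.
BERBEW_SAMPLE: Dict[str, str] = {
    "md5": "cefc6aa7307ef336dd7320972686db40",
    "sha1": "439065d5c399f561a4a20c9b52e1b959589104aa",
    "sha256": "0b05ae8e5941c6fb9ff98955d6a95863656eaf66187fe07ca94ca17326f2bdf9",
    "sha512": "e059652f9e69854f856429fa8355fa9a3a3b11fc7e3b751d116b1059e99d776b"
              "7efcbbb4d942c2f4b2e16a98460644fbe16b2e403d5ad19c79e2139a8c832715",
}

# Expected hex-digest lengths; a record that fails this was mangled in copy/paste.
_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_record(indicators: Dict[str, str]) -> List[str]:
    """Return the names of indicators that are not well-formed hex of the right length."""
    bad = []
    for name, value in indicators.items():
        expected = _HEX_LEN.get(name)
        if expected is None or len(value) != expected:
            bad.append(name)
            continue
        try:
            int(value, 16)
        except ValueError:
            bad.append(name)
    return sorted(bad)


def hash_chunks_all(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to md5/sha1/sha256/sha512 at once; the data is read only once."""
    hashers = {name: hashlib.new(name) for name in _HEX_LEN}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk through hash_chunks_all."""
    with open(path, "rb") as f:
        return hash_chunks_all(iter(lambda: f.read(chunk_size), b""))


def match_indicators(digests: Dict[str, str], indicators: Dict[str, str]) -> List[str]:
    """Names of algorithms whose computed digest equals the indicator (case-insensitive)."""
    return sorted(
        name for name, value in indicators.items()
        if digests.get(name, "").lower() == value.lower()
    )


if __name__ == "__main__":
    # Constructed stand-in for a file under investigation; it is NOT the sample.
    candidate = hash_chunks_all([b"constructed stand-in, not the Berbew sample"])
    print("record problems:", validate_record(BERBEW_SAMPLE) or "none")
    print("matching algorithms:", match_indicators(candidate, BERBEW_SAMPLE) or "none")
```

For a real hunt, call `hash_file(path)` on each file of interest and treat any non-empty `match_indicators` result as a hit; a SHA256 match alone is conclusive, while an MD5-only match on a file whose SHA256 differs would indicate a corrupted record rather than the sample.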

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
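The third C2 entry is a printf-style template rather than a finished URL: the sample fills in host and beacon fields at run time, so a detection cannot key on the literal string. The block below, added here as an example and not part of the sandbox report or the Berbew code, turns each extracted template into an anchored regex over path-plus-query and runs it over proxy log lines. The host is ignored because the config dump shows only "f" in that position; the value shapes chosen for `%s` (a colon-free token, since ':' is the template's field separator) and for the numeric conversions are assumptions, and the log lines are constructed.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# C2 URL templates as extracted from the sample's config (host omitted; the report shows "f").
BERBEW_C2_TEMPLATES = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion specifiers the templates use: optional width, then s/d/i/u.
_CONV = re.compile(r"%(\d*)([sdiu])")


def printf_to_regex(template: str) -> "re.Pattern[str]":
    """Compile a printf-style URL template into an anchored regex.

    Assumed value shapes: %s -> token without ':' or whitespace; %u -> digits,
    at least `width` of them (zero-padded); %d/%i -> optional sign plus digits.
    """
    parts = []
    pos = 0
    for m in _CONV.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        width, conv = m.groups()
        min_digits = max(int(width or "1"), 1)
        if conv == "s":
            parts.append(r"[^:\s]*")
        elif conv == "u":
            parts.append(r"\d{%d,}" % min_digits)
        else:  # d or i
            parts.append(r"-?\d{%d,}" % min_digits)
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


C2_PATTERNS = [(t, printf_to_regex(t)) for t in BERBEW_C2_TEMPLATES]


def match_c2_url(url: str) -> Optional[str]:
    """Return the template a URL's path+query matches, or None."""
    u = urlsplit(url)
    target = u.path + ("?" + u.query if u.query else "")
    for template, pattern in C2_PATTERNS:
        if pattern.match(target):
            return template
    return None


def scan_proxy_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Pull whitespace-delimited http(s) URLs out of log lines and report C2 hits."""
    hits = []
    for line in lines:
        for tok in line.split():
            if tok.startswith(("http://", "https://")):
                template = match_c2_url(tok)
                if template:
                    hits.append((tok, template))
    return hits


# Constructed proxy log lines (timestamp, client, method, URL, status); not real traffic.
SAMPLE_LOG = [
    "2024-11-09T10:01:02Z 10.0.0.12 GET http://198.51.100.7/wcmd.htm 200",
    "2024-11-09T10:01:05Z 10.0.0.12 GET http://198.51.100.7/piplog.php?WIN-ABC:1:0:admin:000012345:7:01:02:03 200",
    "2024-11-09T10:02:00Z 10.0.0.15 GET http://intranet.example/ppslog.php 404",
    "2024-11-09T10:02:30Z 10.0.0.20 GET http://www.example.com/index.html 200",
]

if __name__ == "__main__":
    for url, template in scan_proxy_log(SAMPLE_LOG):
        print(f"C2 hit: {url}  <- {template}")
```

The `piplog.php` pattern is the strong signal: nine colon-separated fields with a nine-digit zero-padded counter is distinctive. The bare `/wcmd.htm` and `/ppslog.php` paths can collide with unrelated sites, so treat those matches as leads to correlate with the client that also hit `piplog.php`, not as convictions on their own.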

Targets

    • Target

      0b05ae8e5941c6fb9ff98955d6a95863656eaf66187fe07ca94ca17326f2bdf9N

    • Size

      370KB

    • MD5

      cefc6aa7307ef336dd7320972686db40

    • SHA1

      439065d5c399f561a4a20c9b52e1b959589104aa

    • SHA256

      0b05ae8e5941c6fb9ff98955d6a95863656eaf66187fe07ca94ca17326f2bdf9

    • SHA512

      e059652f9e69854f856429fa8355fa9a3a3b11fc7e3b751d116b1059e99d776b7efcbbb4d942c2f4b2e16a98460644fbe16b2e403d5ad19c79e2139a8c832715

    • SSDEEP

      6144:L7pnMeNAOA11d1p1d1d1B1B1B1ijFYQmx147VveiLDG/dBn:L7pnMeNy11d1p1d1d1B1B1B1il7lVDcb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
