General

  • Target

    3acb8e19f2b3339b6c6a7bb2aee81e5a663a74e8c3922bb0e54da3873c956be6N

  • Size

    96KB

  • Sample

    241109-m9rd3awmaq

  • MD5

    6dd58e35cd31fc0b5918d808be8fda50

  • SHA1

    3ef184b447076c1ed9ae66ffb24f33ac210a2021

  • SHA256

    3acb8e19f2b3339b6c6a7bb2aee81e5a663a74e8c3922bb0e54da3873c956be6

  • SHA512

    642473634c0f7741f7505eaf9e3e56f94451f10b70aae8ca5fefc19279f46b4927c1eaa8b691565e83b4b6e6e567d3644f08381077c7e98e4b2d0457f0e093bb

  • SSDEEP

    1536:zinPpVz7lU5/68/EktxmnXSDA70duV9jojTIvjrH:A/vlU5H3/o0d69jc0vf

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15