General

  • Target: daf4a19dc639e2a6a6d6c127464ac4074a95c5c2a4f974db9cea62de82a4aea2N
  • Size: 92KB
  • Sample: 241109-mdzqkasflp
  • MD5: f2b1237dc384a6d9d86cdf99d1370100
  • SHA1: 3d92611eec69178c53df32a2c085f39ebb4760de
  • SHA256: daf4a19dc639e2a6a6d6c127464ac4074a95c5c2a4f974db9cea62de82a4aea2
  • SHA512: ae746851e5363aeb3e59f08af0d30d73adfe000c26d467de389f96200bec37dfc76f268047966b95940d126fa0ef758f39febe769584ef6d850cfa8c1eebc475
  • SSDEEP: 1536:FaG/ZwZwQGoixQBZuU7zaWfLX4Hz9iDV1LwVzcvmf13dz6yXJtuectP+OkCigjIa:Ft/ZwZwQGABZbffLIHz9UwVzlf13dz6D

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks