General

  • Target

    a4009b9073f5fef29f0b7440385e2e4ad4e37cf73dad30b7330f2418302b030fN

  • Size

    74KB

  • Sample

    241109-nhqh5atcpp

  • MD5

    c9e124d5ff7bccc893d6efb1dd819230

  • SHA1

    aba1368ff72a4a2d13b65e87def59478f67af054

  • SHA256

    a4009b9073f5fef29f0b7440385e2e4ad4e37cf73dad30b7330f2418302b030f

  • SHA512

    e7b01dd553caa597dc8f8e43ecb198c2d47a83149fdd9179cb89b76d82a397f74028d8aab632284e56deb9320184f34e3758014cefe36d7ef876f6cec7b31742

  • SSDEEP

    1536:3BEgjBz98etDMt71Ghbx03hls3YvVlUofa7cikE62SV2q3rSFM4DDvfI+6Cl0gt:xEaByzt7AhEbs3cz4HvfI+Sg

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
