General

  • Target

    e0b4e043b3df84c71eea2703d07e4ce58bdd73ba8a5442729dba3b8549bdcb31N

  • Size

    192KB

  • Sample

    241109-nkr5qsspbw

  • MD5

    c29f3d36b600888c911ddce3b934d720

  • SHA1

    bc9601ace4fbc4863923a7b453dedc9e0d077edc

  • SHA256

    e0b4e043b3df84c71eea2703d07e4ce58bdd73ba8a5442729dba3b8549bdcb31

  • SHA512

    fe58ea175fd7ee83796fb0c2f9f96c543b977ec746d25d622efbf63d3fe4c6a8450281e8424b894b7c4995cfe0f8916705065c6e4f51063e622ba7ba791c365f

  • SSDEEP

    3072:kq+ptNA4F8/K8q2HhtpFJm+w1o8EveFKPD375lHzpa1P2FU6UK7q4+5DbGTO6GQJ:b+pMq2BXFJSEveYr75lHzpaF2e6UK+4H

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e0b4e043b3df84c71eea2703d07e4ce58bdd73ba8a5442729dba3b8549bdcb31N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
