General

  • Target: e7fa5dbb4ec3c8b27fbbbafcc779baf8ea9cebee9de8055f658986feb282aa11N
  • Size: 92KB
  • Sample: 241109-nxk7ysteqq
  • MD5: beb75fa5088faa8c39e6bc111f4b9240
  • SHA1: 1ef7dcc80a5f0f5c6cf6576fb55ae54120c83c06
  • SHA256: e7fa5dbb4ec3c8b27fbbbafcc779baf8ea9cebee9de8055f658986feb282aa11
  • SHA512: 169bc8bc9fb6e28c3f7178690024cd441e820396f430fb7a9fd76a527dfcb96649ec2a44f76a059545b8ad18dde5dc9a276882b060b38c6ba47560833081649d
  • SSDEEP: 1536:DRpuS3NHpRoGawqdkJgpWT/m/2oloHwoqUzekZVzN3imnunGP+W:DRpuS3NJRotwqx4/m/NXiekjzVbe4+W

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: e7fa5dbb4ec3c8b27fbbbafcc779baf8ea9cebee9de8055f658986feb282aa11N


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks