General

  • Target

    616cd38318b650430fe85a6eab56b90d26f403c118079575ab64aadd3d44ae63N

  • Size

    90KB

  • Sample

    241109-pmtxsavapg

  • MD5

    6f20574dbd545b2c3ad81b1d73349500

  • SHA1

    fd31420785992163dc2ee93f214e8c11601fb6ba

  • SHA256

    616cd38318b650430fe85a6eab56b90d26f403c118079575ab64aadd3d44ae63

  • SHA512

    cfde60958687f2d57ee6b65341833ef25b739a1e108ccafd7ef4091bd4ab893b3ef672df8022fda28452601a2bc5e454e86cbc99a22b23dbc331e112e58a3155

  • SSDEEP

    1536:QphfauCQaO+tRpD4DKP5j8jBPJ2hAjkSX0fOOQ/4BrGTI5Yxj:ua95PW9PXXoU/4kT0Yxj

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
