General

  • Target

    c970629c847f62362acea1c61fa3f3dd234190ec3c3a20e51516f4863af6ec12N

  • Size

    669KB

  • Sample

    241109-ppaxpaxlcq

  • MD5

    b0fa323aff281611856018d93b0a01f0

  • SHA1

    53cf3768e41f1308da809d14298c7b7820825c85

  • SHA256

    c970629c847f62362acea1c61fa3f3dd234190ec3c3a20e51516f4863af6ec12

  • SHA512

    4fe40b67f0daa66a134fe0097a5d072a3ec3a8d7ee20ca46f83c438392fb8e25b6d3223b57a3cb4b001652b8198dc27be51569c02156fde88d84286e1f902c8a

  • SSDEEP

    12288:e7/GfeVKhMpQnqr+cI3a72LXrY6x46UbR/qYglMi:e7/GGchMpQnqrdX72LbY6x46uR/qYglN

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
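The three C2 entries above are printf-style templates: the host is shown as the single character `f` (assumed here to be a placeholder left by the config extractor rather than a real hostname), and the last one carries a format string with `%s`/`%i`/`%09u`/`%02d` fields that the backdoor fills in at runtime. The Python below is an added example, not part of the report or of the Berbew code, that turns each template into a host-agnostic regular expression and runs it over a few constructed proxy-log lines; the IP addresses, timestamps and field values in those lines are invented.

```python
import re

# C2 URL templates as extracted in the report ("f" is taken to be a placeholder host).
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversions we expect in these templates: optional zero flag, optional width, s/i/d/u.
_CONV = re.compile(r"%(0?)(\d*)([sidu])")


def format_to_regex(template):
    """Translate a printf-style URL template into a compiled regex.

    The scheme and placeholder host are replaced by a generic host match, literal
    path text is escaped, %s becomes a run of non-delimiter characters, and the
    integer conversions become digit runs of at least the requested width.
    """
    path = template.split("/", 3)[3]          # drop "http:", "", "f"
    parts, pos = [], 0
    for m in _CONV.finditer(path):
        parts.append(re.escape(path[pos:m.start()]))
        zero, width, conv = m.groups()
        if conv == "s":
            parts.append(r"[^:\s&]*")          # fields are ':'-delimited in the template
        else:
            min_digits = int(width) if width else 1
            sign = "" if conv == "u" else "-?"  # %u is unsigned; %i/%d may carry a sign
            parts.append(sign + r"\d{%d,}" % min_digits)
        pos = m.end()
    parts.append(re.escape(path[pos:]))
    # Host-agnostic: any host, then the path; stop at whitespace, end, or a query start.
    return re.compile(r"https?://[^/\s]+/" + "".join(parts) + r"(?=[\s?]|$)")


# Constructed proxy-log lines (invented addresses and values) for the demonstration.
LOG_LINES = [
    "2024-11-09T12:01:03Z 10.0.0.15 GET http://198.51.100.7/wcmd.htm 200",
    "2024-11-09T12:01:09Z 10.0.0.15 GET http://198.51.100.7/piplog.php?WIN-7PC:1:0:user:000123456:2:12:01:09 200",
    "2024-11-09T12:02:00Z 10.0.0.22 GET http://example.com/index.htm 200",
    "2024-11-09T12:02:31Z 10.0.0.15 GET http://198.51.100.7/piplog.php?garbage 404",
]


def scan(lines, templates=C2_TEMPLATES):
    """Return (template, matched_url) for every line that fits one of the C2 templates."""
    patterns = [(t, format_to_regex(t)) for t in templates]
    hits = []
    for line in lines:
        for tmpl, rx in patterns:
            m = rx.search(line)
            if m:
                hits.append((tmpl, m.group(0)))
                break
    return hits


if __name__ == "__main__":
    for tmpl, url in scan(LOG_LINES):
        print(f"{tmpl:60s} <- {url}")
```

The `piplog.php?garbage` line is deliberately not matched: the regex requires the full colon-separated field layout of the format string, so a request to the same path with a different query does not count as a beacon. Because the host is matched generically, the patterns remain useful even though the report does not give the real C2 hostname.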

Targets

    • Target

      c970629c847f62362acea1c61fa3f3dd234190ec3c3a20e51516f4863af6ec12N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
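The four behavioural signatures above (autorun key for Explorer.exe, dropped file in System32, execution of a dropped EXE, loading of a dropped DLL) are correlated observations over one process tree rather than single-event matches. The Python below is an added example, not the sandbox's own signature code, that implements them over a small constructed event stream in the style of a sandbox or Sysmon trace. Two assumptions are labelled in the code: the "loaded by Explorer.exe on startup" key is taken to be `HKLM\...\CurrentVersion\ShellServiceObjectDelayLoad`, which the report does not name, and every path, PID, dropped-file name and registry value below is invented.

```python
# Assumption: the Explorer.exe startup autorun key is ShellServiceObjectDelayLoad
# (the report names the behaviour but not the key). Compared case-insensitively.
SSODL = "\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload"
SYSTEM32 = "c:\\windows\\system32\\"

# Sample name from the report; the directory it was run from is invented.
SAMPLE = r"C:\Users\admin\AppData\Local\Temp\c970629c847f62362acea1c61fa3f3dd234190ec3c3a20e51516f4863af6ec12N.exe"

# Constructed event stream. Dropped-file names, PIDs and the CLSID-shaped value are invented.
EVENTS = [
    {"type": "process_create", "pid": 1100, "parent": 900, "image": SAMPLE},
    {"type": "file_create", "pid": 1100, "path": r"C:\Windows\System32\ntbgmnwk.exe"},
    {"type": "file_create", "pid": 1100, "path": r"C:\Windows\System32\ntbgmnwk.dll"},
    {"type": "reg_set", "pid": 1100,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
     "value": "{00000000-0000-0000-0000-000000000000}"},
    {"type": "process_create", "pid": 1200, "parent": 1100, "image": r"C:\Windows\System32\ntbgmnwk.exe"},
    {"type": "image_load", "pid": 1200, "image": r"C:\Windows\System32\ntbgmnwk.dll"},
    # Unrelated process writing under System32: must not be attributed to the sample.
    {"type": "file_create", "pid": 700, "path": r"C:\Windows\System32\catroot2\edb.log"},
]


def evaluate(events, sample_image):
    """Replay events in order; return ({signature: first evidence}, sorted dropped paths).

    Only processes in the sample's tree (the sample itself and its descendants)
    contribute, so activity by unrelated processes is ignored.
    """
    tracked = set()   # PIDs in the sample's process tree
    dropped = set()   # lowercase paths written by the tree
    hits = {}
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            img = ev["image"].lower()
            if img == sample_image.lower() or ev.get("parent") in tracked:
                tracked.add(ev["pid"])
            if img in dropped and img.endswith(".exe"):
                hits.setdefault("Executes dropped EXE", ev["image"])
            continue
        if ev["pid"] not in tracked:
            continue
        if kind == "file_create":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits.setdefault("Drops file in System32 directory", ev["path"])
        elif kind == "reg_set" and SSODL in ev["key"].lower():
            hits.setdefault("Adds autorun key to be loaded by Explorer.exe on startup", ev["key"])
        elif kind == "image_load":
            img = ev["image"].lower()
            if img in dropped and img.endswith(".dll"):
                hits.setdefault("Loads dropped DLL", ev["image"])
    return hits, sorted(dropped)


if __name__ == "__main__":
    hits, dropped = evaluate(EVENTS, SAMPLE)
    for name, evidence in hits.items():
        print(f"{name}: {evidence}")
    print("dropped:", dropped)
```

Tracking the process tree first and only then applying per-event rules is what lets "Executes dropped EXE" and "Loads dropped DLL" fire: both depend on a path seen earlier in a `file_create` from the same tree, and the unrelated write by PID 700 is correctly left out of the dropped-file set.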

MITRE ATT&CK Enterprise v15