General

  • Target

    810747e2d1e47e23d867fe2c420c82e4452db8235dea3733a206622b2d34658fN

  • Size

    145KB

  • Sample

    241109-r2qj1swfpr

  • MD5

    9b7358abf3a7987c1f56699ab5fa0af0

  • SHA1

    a34f048c7ba7bd3cee582996866f82798964334c

  • SHA256

    810747e2d1e47e23d867fe2c420c82e4452db8235dea3733a206622b2d34658f

  • SHA512

    fd4bd8c5b3c78a12a78350b1eef92d84f52cc06b6f889fcc3321fc99b85c498914c83a81af5b65c7931ec921c01169fa8069696a7abc7f6d54e8c59b42637147

  • SSDEEP

    3072:jnSjc+7q/69AVcM26sMHedhWPz2rU52Pq7saBN1NHg:efec96sMWhWP8U5uqA8g

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks