General

  • Target: ee6244e7bb198c025d2912cbb7a47fc27bd28a6d316f32bfd6b5abef0ba4d206N
  • Size: 290KB
  • Sample: 241109-r8y5qsyrem
  • MD5: ed91b59a49bca20b7acfd7fc4be325b0
  • SHA1: c801b98d9163ac80e11832fd820a1477264a3d03
  • SHA256: ee6244e7bb198c025d2912cbb7a47fc27bd28a6d316f32bfd6b5abef0ba4d206
  • SHA512: 849e25672a8b48d8cc8d4a3c0c246ed40aedb83e880192141652a7f4c8a5e22437e11019b62ccd1500ddbbfb1cfeaf9be0f00be025223e23e0c4a304ac89949e
  • SSDEEP: 6144:0k+423f7SU2jeUmKyIxLDXXoq9FJZCUmKyIxL:0K23f7qi32XXf9Do3

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: ee6244e7bb198c025d2912cbb7a47fc27bd28a6d316f32bfd6b5abef0ba4d206N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
