General

  • Target

    af987f531188165590a075e92e3c5e4d11c7493ebd8f891ff4de547bf57936e0N

  • Size

    96KB

  • Sample

    241109-rz6hfswepa

  • MD5

    56d45b3e49437d1f7582b07e60f6a590

  • SHA1

    e281c7ee5edfb2d85c6fc3da3e03cba7b7325c32

  • SHA256

    af987f531188165590a075e92e3c5e4d11c7493ebd8f891ff4de547bf57936e0

  • SHA512

    3cc9996356a5a8cd3da48846fee51f2d40776ceccde1f2c291e7e1ae73cb37c810dc6c9bbad5ff776a04ed33326c489ce45e42aeb4b9295a4572963362b4f38b

  • SSDEEP

    1536:1hqeTx6wYLqoyel81I8cFevRVLAXahrUQVoMdUT+irF:rqeTMJyKuMahr1Rhk

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      af987f531188165590a075e92e3c5e4d11c7493ebd8f891ff4de547bf57936e0N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks