General

  • Target

    6cd55bc9456628d9367eb016a26909adf0b67a9d77732d51949744fb652a28bcN

  • Size

    96KB

  • Sample

    241109-sarhnswgld

  • MD5

    7b893a9bf6e661d50f4a6f9c422f81d0

  • SHA1

    5ba0b38ec391bef1895e0a4203780a04d3ae3349

  • SHA256

    6cd55bc9456628d9367eb016a26909adf0b67a9d77732d51949744fb652a28bc

  • SHA512

    ce22efd6433a542484f7818ed339bf84082df7978371a18720c9a0f884f070c0c7a33ece2852a7ca367c3edb5104cfb7b44eb54a6f76ecd605a99912245dda18

  • SSDEEP

    1536:e849hPhXRxiwk3rWbbhpPNxhyptXmMUUYP3Nsyg5tyTvshrUQVoMdUT+irF:mhPhBxiAbXlxhypt0UQ3NshyTvshr1R2

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks