General

  • Target

    363a0cde370bff80d13603b8a2587f2df59f2fc1225885163ed88ceb75ea8c50N

  • Size

    97KB

  • Sample

    241109-sclefawgne

  • MD5

    49c017e6c29b1855480841ac00c58030

  • SHA1

    723b111b928124810de82a44e5b3e8fc331eb686

  • SHA256

    363a0cde370bff80d13603b8a2587f2df59f2fc1225885163ed88ceb75ea8c50

  • SHA512

    6bb1db87f77161fdc6e2d608a20a3513948d43dcb771f0c907114765121ebd20a1c264127eb0733a3e9c9e1a36fcbf020739777b5b450c9be42aeba12528b120

  • SSDEEP

    1536:+wDv2XUR1lORDbgkEmpbjhMFAD6QX1FKFgDvJXeYZ6:+wDv2kMfHnpZMFvQXLKCDJXeK6

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
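The piplog.php entry in the extracted config is a printf-style format string, so it can be turned into a detection for the beacon itself rather than for the host. The host in the extracted config is the single character f, which is not a usable network indicator, so a practitioner would match on path and query only. The block below is an added example, not part of the report and not Berbew's own code: it maps each printf conversion to a regex class and runs the result over constructed proxy-log lines. The field names, the log layout and the sample lines are assumptions for this example; the report does not say what the fields mean.

```python
import re
from urllib.parse import urlsplit

# Regex derived from the extracted C2 path format
#   piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
# Each printf conversion maps to a character class. The report does not state
# what the fields mean, so the group names are positional labels only.
# Assumption: the two %s fields contain no ':' (the field separator).
PIPLOG_RE = re.compile(
    r"^/piplog\.php\?"
    r"(?P<s1>[^:]*):"        # %s
    r"(?P<i1>-?\d+):"        # %i
    r"(?P<i2>-?\d+):"        # %i
    r"(?P<s2>[^:]*):"        # %s
    r"(?P<u1>\d{9,}):"       # %09u: zero padded to at least nine digits
    r"(?P<i3>-?\d+):"        # %i
    r"(?P<d1>\d{2,}):"       # %02d: zero padded to at least two digits
    r"(?P<d2>\d{2,}):"       # %02d
    r"(?P<d3>\d{2,})$"       # %02d
)

# The two fixed endpoints from the same extracted config.
FIXED_PATHS = {"/wcmd.htm": "wcmd", "/ppslog.php": "ppslog"}


def classify_url(url):
    """Return (endpoint_name, fields) if url matches a Berbew C2 path, else None.

    Matching is on path and query only: the host in the extracted config is
    the single character 'f', which is not usable as a network indicator.
    """
    parts = urlsplit(url)
    if parts.path in FIXED_PATHS:
        return FIXED_PATHS[parts.path], {}
    target = parts.path + ("?" + parts.query if parts.query else "")
    m = PIPLOG_RE.match(target)
    if m:
        return "piplog", m.groupdict()
    return None


# Constructed proxy-log lines for this example (not taken from the report):
# "<epoch> <client> <method> <url> <status>". 198.51.100.10 is a documentation
# address standing in for whatever host the real beacon would use.
SAMPLE_LOG = """\
1731161000.123 10.0.0.5 GET http://198.51.100.10/wcmd.htm 200
1731161001.456 10.0.0.5 GET http://198.51.100.10/piplog.php?host1:1:2:usr:000012345:3:12:34:56 200
1731161002.789 10.0.0.7 GET http://example.com/piplog.php 404
1731161003.001 10.0.0.9 GET http://example.com/index.html 200
"""


def scan_proxy_log(text):
    """Return one hit dict per log line whose URL matches a Berbew C2 endpoint."""
    hits = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue  # malformed line; skip rather than crash the scan
        result = classify_url(cols[3])
        if result is None:
            continue
        endpoint, fields = result
        hits.append({"client": cols[1], "url": cols[3],
                     "endpoint": endpoint, "fields": fields})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit["client"], hit["endpoint"], hit["fields"])
```

The third sample line hits /piplog.php without a query string and is deliberately not matched: the regex requires the full nine-field beacon, which keeps the rule from firing on any unrelated page that happens to share the file name.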

Targets

    • Target

      363a0cde370bff80d13603b8a2587f2df59f2fc1225885163ed88ceb75ea8c50N

    • Size

      97KB

    • MD5

      49c017e6c29b1855480841ac00c58030

    • SHA1

      723b111b928124810de82a44e5b3e8fc331eb686

    • SHA256

      363a0cde370bff80d13603b8a2587f2df59f2fc1225885163ed88ceb75ea8c50

    • SHA512

      6bb1db87f77161fdc6e2d608a20a3513948d43dcb771f0c907114765121ebd20a1c264127eb0733a3e9c9e1a36fcbf020739777b5b450c9be42aeba12528b120

    • SSDEEP

      1536:+wDv2XUR1lORDbgkEmpbjhMFAD6QX1FKFgDvJXeYZ6:+wDv2kMfHnpZMFvQXLKCDJXeK6

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
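The four behaviour signatures above (autorun key loaded by Explorer.exe, dropped EXE executed, dropped DLL loaded, file dropped in System32) can be expressed as one correlation over endpoint telemetry. The block below is an added example, not from the report and not the sandbox's own signature logic: it runs a Sysmon-style detection over constructed events and attributes each behaviour to the process responsible. The registry keys treated as "loaded by Explorer.exe" (ShellServiceObjectDelayLoad and Explorer\Run), the event field names, process IDs and file names are assumptions for this example; the report does not name the key or the dropped files.

```python
import re

# Registry locations that Explorer.exe reads at startup. Assumption for this
# example: the report only says "autorun key to be loaded by Explorer.exe".
EXPLORER_AUTORUN_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    r"\Microsoft\Windows\CurrentVersion\Explorer\Run",
)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)

# Constructed Sysmon-style events (not from the report), in time order.
# 11 = FileCreate, 13 = RegistryEvent (value set), 1 = ProcessCreate,
# 7 = ImageLoad. File names and the CLSID are placeholders.
SAMPLE = r"C:\Users\u\Downloads\sample.exe"
EVENTS = [
    {"EventID": 11, "Image": SAMPLE, "ProcessId": 4120,
     "TargetFilename": r"C:\Windows\System32\dropped.dll"},
    {"EventID": 11, "Image": SAMPLE, "ProcessId": 4120,
     "TargetFilename": r"C:\Windows\System32\dropped.exe"},
    {"EventID": 13, "Image": SAMPLE, "ProcessId": 4120,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
                     r"\ShellServiceObjectDelayLoad\Web Event Logger",
     "Details": "{12345678-1234-1234-1234-123456789abc}"},
    {"EventID": 1, "Image": r"C:\Windows\System32\dropped.exe", "ProcessId": 4300,
     "ParentImage": SAMPLE, "ParentProcessId": 4120},
    {"EventID": 7, "Image": r"C:\Windows\System32\dropped.exe", "ProcessId": 4300,
     "ImageLoaded": r"C:\Windows\System32\dropped.dll"},
    # Benign noise: a service start-type change by svchost should not fire.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "ProcessId": 900,
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start",
     "Details": "DWORD (0x00000002)"},
]


def behaviors_by_process(events):
    """Return {(pid, image): set(behavior_names)} for every process that
    shows at least one of the four behaviours. Events must be time ordered so
    that a file is seen as 'dropped' before it is executed or loaded."""
    dropped = set()   # lower-cased paths of files created in this window
    findings = {}

    def flag(pid, image, name):
        findings.setdefault((pid, image), set()).add(name)

    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if SYSTEM32_RE.match(path):
                flag(ev["ProcessId"], ev["Image"], "drops_file_in_system32")
        elif eid == 13:
            key = ev["TargetObject"].lower()
            if any(k.lower() in key for k in EXPLORER_AUTORUN_KEYS):
                flag(ev["ProcessId"], ev["Image"], "adds_explorer_autorun_key")
        elif eid == 1:
            # Credit the parent: it is the process that executed the dropped EXE.
            if ev["Image"].lower() in dropped:
                flag(ev["ParentProcessId"], ev["ParentImage"], "executes_dropped_exe")
        elif eid == 7:
            if ev["ImageLoaded"].lower() in dropped:
                flag(ev["ProcessId"], ev["Image"], "loads_dropped_dll")
    return findings


if __name__ == "__main__":
    for (pid, image), names in behaviors_by_process(EVENTS).items():
        print(pid, image, sorted(names))
```

Because "executes dropped EXE" is credited to the parent while "loads dropped DLL" is credited to the loading process, the output separates the dropper from its payload, which is the split an analyst needs when deciding which image to pull for triage and which key to clean.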

MITRE ATT&CK Enterprise v15
