General

  • Target: feb5c7213cd964556c3bb8035fe605a948f107869b18c2d81c0315ed50446320N
  • Size: 92KB
  • Sample: 241109-se64xswhrp
  • MD5: f0f58a475d20d4bdf8c8432c7c82ff40
  • SHA1: 0095c1ee7d0248b6d453ab0498cf839de563c8e1
  • SHA256: feb5c7213cd964556c3bb8035fe605a948f107869b18c2d81c0315ed50446320
  • SHA512: f625ec8d3d17c5f58393d95c6d9a3afda4dbebbfb40eb252a3e72a35f77be660e0cd7eb762b31741543152abab089cda76770c00c2e3536615728d69deecf205
  • SSDEEP: 1536:o0ZteYn8/6yQtYzwEJl9NaZ53xFRQROGRpXIu9Ub9MGPTzaSN3imnunGP+W:xIY8/wYlb+FRQROGRpXDe9t3aSVbe4+W

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks