General

  • Target: 1170871312d9a99274c0ab57f17352e0a3db5b9b92bbda16d2effe4acffa5b62N
  • Size: 96KB
  • Sample: 241109-ta714axerk
  • MD5: bf3441516fa9561d3409e516a8e96490
  • SHA1: c15ac1ca7f99326526b20ae262e6f70643c85caf
  • SHA256: 1170871312d9a99274c0ab57f17352e0a3db5b9b92bbda16d2effe4acffa5b62
  • SHA512: a0f6162d4ea01eeef1d4dce1af748e03e0ea8a4ef03d33ff9004c545a02e630e283a1aa6b5af8a7a67f2561f8cdb4234c7411c7271db5983137f517c2d07755e
  • SSDEEP: 3072:3KBSb1vg1zckAKmop4TUPWpLud69jc0v:jb1ocop4TSYud6NV

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 1170871312d9a99274c0ab57f17352e0a3db5b9b92bbda16d2effe4acffa5b62N


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks