General

  • Target: fbcbd01d2ae5ede85f98adc67e209d615666e2a76c67ce7133badd68ebc1e278N
  • Size: 96KB
  • Sample: 241109-tdcz5azpdn
  • MD5: b3bb6d557584ccfc57780b0278dfcfe0
  • SHA1: 03f5e046c13a085d0d993cf353d97b749eb0ab2d
  • SHA256: fbcbd01d2ae5ede85f98adc67e209d615666e2a76c67ce7133badd68ebc1e278
  • SHA512: 4c9100deec4c3fea83bfd9d79bb33e9d7650b30c56e2ca2d8673fadb5ee4ffd28b517a23b35723dbed76423fc19e1a0239ad394ce6bdd7fb0544a8f135d39418
  • SSDEEP: 1536:mDIJRKV6aHoOpI3QkAp2yeW7vpTljsPsSKSKIXGhj9Ge64e+0fpck2tf74S7V+5K:iSauIljsUuNXoj9hYpRij4Sp+7H7wWkb

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
