General

  • Target

    464d743dcb14d050e5da74a3c6f7bfc9d28579c34ab9c9048494ed8330d8220fN

  • Size

    90KB

  • Sample

    241109-tpj8ksxfmh

  • MD5

    279c87575277ad070070f2d290117ed0

  • SHA1

    b25029944a49b763fe599dc9a0cf5eb79e928e50

  • SHA256

    464d743dcb14d050e5da74a3c6f7bfc9d28579c34ab9c9048494ed8330d8220f

  • SHA512

    54fcde206531f13805f6586d4c36b40fde0aadef6ea2170bf4bc922a92e87358866f82af26f6c9e0bb7349f1933a3371dff31ab2c36c98a2c48093e504c8bb7a

  • SSDEEP

    1536:KnvoUodeEPLr/tmowAsY4ji++t6kfczjr85cOgvcLoLyNujKqtRD1fnI4BG3u/UW:82rYBftPm0tRD1jG3u/Ub0+NK

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
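The three C2 URIs above are worth turning into something a SOC can run. The first two are fixed paths; the third is a printf-style template (`%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d`) that the implant fills in at runtime, so a literal string match would never fire on real traffic. The script below is an added example and is not part of the report or of the Berbew sample: it converts each template into a regular expression for the concrete beacon, scans proxy log lines for hits, and compares a file's digests against the hashes listed in General. The proxy log lines, the `c2.example` hostname and the log layout are constructed for illustration; it also assumes the `f` host in the extracted URLs is an extractor placeholder rather than the real server, which is why matching is done on the request path only.

```python
"""Hunt for the Berbew C2 paths and sample hashes listed in this report.

Added example, not part of the report. The log lines and host names are
constructed for illustration.
"""
import hashlib
import re

# Hashes copied from the General section of the report.
IOC_HASHES = {
    "md5": "279c87575277ad070070f2d290117ed0",
    "sha1": "b25029944a49b763fe599dc9a0cf5eb79e928e50",
    "sha256": "464d743dcb14d050e5da74a3c6f7bfc9d28579c34ab9c9048494ed8330d8220f",
}

# C2 URIs copied from the extracted config. The "http://f/" prefix is kept as
# extracted (assumed to be a placeholder); matching below uses the path only.
C2_URLS = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversions that occur in the extracted template.
_SPEC = re.compile(r"%(\d*)([sdiu])")


def printf_to_regex(fmt: str) -> str:
    """Convert a printf-style template into a regex for the beacon it produces.

    %s    -> one or more characters up to the next ':' (assumption: the implant
             does not put ':' inside string fields)
    %i/%d -> optionally signed integer
    %u    -> unsigned integer
    A zero-padded width such as %09u or %02d becomes a minimum digit count.
    """
    parts = []
    last = 0
    for m in _SPEC.finditer(fmt):
        parts.append(re.escape(fmt[last:m.start()]))
        width, conv = m.groups()
        if conv == "s":
            parts.append(r"[^:\s&]+")
        else:
            sign = "" if conv == "u" else "-?"
            count = r"{%d,}" % int(width) if width else "+"
            parts.append(sign + r"\d" + count)
        last = m.end()
    parts.append(re.escape(fmt[last:]))
    return "".join(parts)


def c2_path_patterns() -> list:
    """One compiled pattern per C2 URL, anchored on the request path so that it
    matches whichever host the implant was really talking to."""
    out = []
    for url in C2_URLS:
        path = url.split("/", 3)[3]  # drop scheme and host
        rx = re.compile(r"https?://[^/\s]+/" + printf_to_regex(path) + r"(?:\s|$)")
        out.append((url, rx))
    return out


# Constructed proxy log: two true beacons, one malformed request on the same
# path, one unrelated request.
SAMPLE_PROXY_LOG = """\
2024-11-09T12:00:01Z 10.0.0.5 GET http://c2.example/wcmd.htm 200
2024-11-09T12:00:02Z 10.0.0.5 GET http://c2.example/piplog.php?WIN-ABC:1:2:user:000012345:7:11:09:24 200
2024-11-09T12:00:03Z 10.0.0.6 GET http://c2.example/piplog.php?garbage 404
2024-11-09T12:00:04Z 10.0.0.7 GET http://www.example.com/index.php?q=1 200
"""


def scan_proxy_log(text: str) -> list:
    """Return (matched C2 template, log line) for every line that hits."""
    patterns = c2_path_patterns()
    hits = []
    for line in text.splitlines():
        for url, rx in patterns:
            if rx.search(line):
                hits.append((url, line))
                break
    return hits


def hash_matches(data: bytes) -> dict:
    """Compare a file's digests with the hashes given in the report."""
    return {
        alg: hashlib.new(alg, data).hexdigest() == digest
        for alg, digest in IOC_HASHES.items()
    }


if __name__ == "__main__":
    for url, line in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{url}\n    {line}")
    print(hash_matches(b"not the sample"))
```

The malformed `piplog.php?garbage` request is deliberately left unmatched: the template-derived regex requires nine colon-separated fields with the right digit widths, which keeps the rule from firing on unrelated scans of the same path. If a site is known to change the `%s` fields to contain colons, loosen the `[^:\s&]+` class accordingly.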

Targets

    • Target

      464d743dcb14d050e5da74a3c6f7bfc9d28579c34ab9c9048494ed8330d8220fN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
