General

  • Target

    b076933fd34f3e3097d100699fe99c458dab1cf9a44ed507de44266cef1f95eeN

  • Size

    145KB

  • Sample

    241109-tvtzzazrhp

  • MD5

    e174ce7b765402e1bc05ea8f5d06e4c0

  • SHA1

    ec939b7dbe942c286b4745ffe80130bbdcd993a5

  • SHA256

    b076933fd34f3e3097d100699fe99c458dab1cf9a44ed507de44266cef1f95ee

  • SHA512

    165b46b23f444aa63a5667685a874bc073b6f7c3e9897af16699b43e73ea4885bbcc96af9d728b7f90a06689201f0ea54e437caf6ad2efde0030b1a45d4e945c

  • SSDEEP

    3072:LEDSe+ETncMNcc4oWPz2rU52Pq7saBN1NHg:LEO4n9cc4oWP8U5uqA8g

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks