General

  • Target: 92d3f4cc50de2b2fa4210e6175217a181327c877077d1dc0f965aaa8e96b173dN
  • Size: 96KB
  • Sample: 241110-ardc9swamc
  • MD5: 76a244ed6c777aa0ad60e36238518810
  • SHA1: d7d0be9556d8d69475915888fcd723205402ef5c
  • SHA256: 92d3f4cc50de2b2fa4210e6175217a181327c877077d1dc0f965aaa8e96b173d
  • SHA512: eb7e7a42e5b0f33b811071b218ab256d0fcafe6a7fa17213ec10173fb44676c4cf3d10dd8039b0d5881645f28e5744ad246fbd84a6a0bd4bcca809f68578563a
  • SSDEEP: 1536:WDhzUlQaVnHFLeYKU5TdBd6N1M/F/BOmYCMy0QiLiizHNQNdq:WDhYltn4YKIp41Mt5OmYCMyELiAHONdq

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks