General

  • Target: 025077f73b2b0dfe4ad52c3262092834b1b23d299abd989405c1da1edc96b8e4N
  • Size: 96KB
  • Sample: 241110-atbmfsvlav
  • MD5: 6ca20cd717450276368747493826d1b0
  • SHA1: 96b4dc889bbc1c47ee24a0765f96e15e2b681918
  • SHA256: 025077f73b2b0dfe4ad52c3262092834b1b23d299abd989405c1da1edc96b8e4
  • SHA512: 7d099ea7d174c90cd0eff96796bde7d41b7a4402fec6ee85bc63dbba510b63f3c06b96a596daf1ab6200f4b672400908e6192975bcb23834a938af2561af9187
  • SSDEEP: 1536:W1bgm6CCXxP7GCGoZhRdZB5b86JA0GCRduV9jojTIvjr:8UmOXxzjTZB5b8nCRd69jc0v

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm
  • http://f/ppslog.php
  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 025077f73b2b0dfe4ad52c3262092834b1b23d299abd989405c1da1edc96b8e4N
    • Size: 96KB
    • MD5: 6ca20cd717450276368747493826d1b0
    • SHA1: 96b4dc889bbc1c47ee24a0765f96e15e2b681918
    • SHA256: 025077f73b2b0dfe4ad52c3262092834b1b23d299abd989405c1da1edc96b8e4
    • SHA512: 7d099ea7d174c90cd0eff96796bde7d41b7a4402fec6ee85bc63dbba510b63f3c06b96a596daf1ab6200f4b672400908e6192975bcb23834a938af2561af9187
    • SSDEEP: 1536:W1bgm6CCXxP7GCGoZhRdZB5b86JA0GCRduV9jojTIvjr:8UmOXxzjTZB5b8nCRd69jc0v

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks