General

  • Target: 312dc764f63709808f7942f589a4f45ff2f97e53e047374033fa641a10b8e905N
  • Size: 74KB
  • Sample: 241110-b3k3xswkhw
  • MD5: a2be1198f194090260c7259c50277c30
  • SHA1: 7b47d8ba57049ef280a968800f1f655f6f895679
  • SHA256: 312dc764f63709808f7942f589a4f45ff2f97e53e047374033fa641a10b8e905
  • SHA512: e2ad360afd03366a2c3cf517aea3c06cda0b1688ee38ec4d9c345d4191b9a141eb48a98eb7b843dab437a05fc60cba2c229e331aab94655c46c53a4485cb5558
  • SSDEEP: 1536:NUGfpCYput5q6NSD2prb9YZ44PRAtVFYRWgAZ:mGfp7puvq6wc2Z4uit7YRBAZ

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks