General

  • Target

    1240a0da4f4b06e74e044f63f041363e8d0cebe76a48d4b1d9c0a03c744b060dN

  • Size

    1024KB

  • Sample

    241110-b8gmpawhnp

  • MD5

    f33a5095a7683eac9f5bb024471249e0

  • SHA1

    2a040fb74efae0c6bf591159448a4e987b30206c

  • SHA256

    1240a0da4f4b06e74e044f63f041363e8d0cebe76a48d4b1d9c0a03c744b060d

  • SHA512

    bf9c3aae0b78bded8dcffc0a7bf2cf55cc10875bb061155c2fc5a89c1b03d87c996fa8465bbf9f864ba8030d03663ba1f15e4d10b1c236650b05a8476677fc44

  • SSDEEP

    12288:XybEWxkY660fIaDZkY660f8jTK/XhdAwlt01PBExKN4P6IfKTLR+6CwUkEoH:XybgsaDZgQjGkwlks/6HnEO

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The third entry is a printf-style template (the %s, %i, %09u and %02d fields are filled in by the bot at runtime), so it never appears literally on the wire; what is stable is the path and the nine colon-separated query fields. The host component "f" is shown exactly as the config extractor recovered it, so hunting should key on the request paths and query shape rather than on that host.
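The following is an added detection example, not code from the report or from the sample itself. It turns the three extracted C2 templates into regular expressions over the request path and query (ignoring the placeholder host) and runs them over a constructed proxy log in a simple "timestamp client method url status" layout. The log lines, the client addresses and the 198.51.100.7 server address are all invented for the example; the field widths in the regexes follow the printf specifiers in the extracted template.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates as listed in the extracted configuration above.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion: optional zero-padded width, then s/i/d/u.
_SPEC = re.compile(r"%(0?\d*)([sidu])")


def template_to_regex(template):
    """Compile a printf-style C2 template into a regex over path + query.

    The host is deliberately ignored: the extracted config carries the
    placeholder host 'f', so the stable indicator is the URI the beacon
    requests, not the server it is sent to.
    """
    parts = urlsplit(template)
    uri = parts.path + ("?" + parts.query if parts.query else "")
    pieces, pos = [], 0
    for m in _SPEC.finditer(uri):
        pieces.append(re.escape(uri[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        if conv == "s":
            pieces.append(r"[^:/?&\s]*")             # %s: one colon-delimited field
        elif width.startswith("0") and len(width) > 1:
            pieces.append(r"\d{%d,}" % int(width))   # %09u / %02d: zero-padded digits
        else:
            pieces.append(r"-?\d+")                  # %i / %d: plain integer
        pos = m.end()
    pieces.append(re.escape(uri[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


C2_PATTERNS = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def match_c2(url):
    """Return the C2 template a requested URL matches, or None."""
    parts = urlsplit(url)
    uri = parts.path + ("?" + parts.query if parts.query else "")
    for template, rx in C2_PATTERNS:
        if rx.match(uri):
            return template
    return None


def scan_proxy_log(lines):
    """Scan 'timestamp client method url status' lines and return the hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than crash
        ts, client, _method, url = fields[0], fields[1], fields[2], fields[3]
        template = match_c2(url)
        if template:
            hits.append({"time": ts, "client": client, "url": url, "template": template})
    return hits


# Constructed sample log (not from the sandbox run). 198.51.100.7 is a
# documentation-range address standing in for whatever host the bot resolves.
SAMPLE_LOG = """\
2024-11-10T01:02:03Z 10.0.0.5 GET http://198.51.100.7/wcmd.htm 200
2024-11-10T01:02:04Z 10.0.0.5 GET http://198.51.100.7/piplog.php?WIN-PC:1:5:user:000012345:2:11:10:01 200
2024-11-10T01:02:05Z 10.0.0.9 GET http://example.org/index.php?id=1 200
2024-11-10T01:02:06Z 10.0.0.5 POST http://198.51.100.7/ppslog.php 200
2024-11-10T01:02:07Z 10.0.0.9 GET http://example.org/piplog.php?not:the:right:shape 404
""".splitlines()

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Only the three requests from 10.0.0.5 match: the last line has the right path but its query does not fit the nine-field numeric shape, which is what keeps a bare "/piplog.php" string match from over-firing. The %09u field is required to be at least nine digits, mirroring the zero-padding in the template.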

Targets

    • Target

      1240a0da4f4b06e74e044f63f041363e8d0cebe76a48d4b1d9c0a03c744b060dN

    • Size

      1024KB

    • MD5

      f33a5095a7683eac9f5bb024471249e0

    • SHA1

      2a040fb74efae0c6bf591159448a4e987b30206c

    • SHA256

      1240a0da4f4b06e74e044f63f041363e8d0cebe76a48d4b1d9c0a03c744b060d

    • SHA512

      bf9c3aae0b78bded8dcffc0a7bf2cf55cc10875bb061155c2fc5a89c1b03d87c996fa8465bbf9f864ba8030d03663ba1f15e4d10b1c236650b05a8476677fc44

    • SSDEEP

      12288:XybEWxkY660fIaDZkY660f8jTK/XhdAwlt01PBExKN4P6IfKTLR+6CwUkEoH:XybgsaDZgQjGkwlks/6HnEO

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks