General

  • Target

    9e7b8245c1c8c1fb0b1023c05c1c21211a316897cf5cf6e9385415b6e8268ec6

  • Size

    108KB

  • Sample

    241110-bew6aawejh

  • MD5

    fb0140f189bfb3be850a6e96ac6f3a62

  • SHA1

    81385e98738696b17edfaa92a8c06d3865abf6bb

  • SHA256

    9e7b8245c1c8c1fb0b1023c05c1c21211a316897cf5cf6e9385415b6e8268ec6

  • SHA512

    409ad7bd95dcd30dc052c3c40cee68ab97954446ac9077cd52e6984e6a2867582e88311fa4e48e54eca1e78dcf5c7fdc357b999dcbe3016dd18e790273d12731

  • SSDEEP

    3072:dhAXEIXLClrxbi4BjEGt4roGAfTsgFcFmKcUsvKwF:dhAbXul9iRzQTs0Us

Malware Config

  • Extracted

    Family

      berbew

    C2

      http://f/wcmd.htm

      http://f/ppslog.php

      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks