General

  • Target

    04bcdcec770f36c6b9f32ec8f53739435437bf9490277f09400f51be76dbd9f4N

  • Size

    94KB

  • Sample

    241110-bkt8wawdqm

  • MD5

    61cb6eefedc7ce7fa989a1f28ef61d90

  • SHA1

    bca42fcfc731bd8dcd75fde15dfe2f3163a7acec

  • SHA256

    04bcdcec770f36c6b9f32ec8f53739435437bf9490277f09400f51be76dbd9f4

  • SHA512

    49d599bb11be95454aa240f4a6025e1ad150a943292569a018455fd4dd9835cac76451078061fcbf107be892879c397db7b73ebb228842a4a764bd3dbff85920

  • SSDEEP

    1536:mKlC0VxhR73jxmqeRuI/oseLXfdiJ8pjf6aPJJhu7BR9L4DT2EnINs:mKFxh93jxmq8uIwfgJGjbju6+ob

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks