General

  • Target: ad1e1de0c26f86f8524b491e680c9af42fa2c9cf42d449218577a0048a651b4cN
  • Size: 144KB
  • Sample: 241110-bn9gzayqfj
  • MD5: bd06fe9e288f19d7656dee41fad48f30
  • SHA1: 87331789bb0391f9f2ea11435158a7a8a85deb48
  • SHA256: ad1e1de0c26f86f8524b491e680c9af42fa2c9cf42d449218577a0048a651b4c
  • SHA512: 00a1068c7771ebf7e6a92c75c725490dcda07aa41e11fdf113e4b23aa0a1a61ce1f4e634640d5ad3b5e146a327039f5a877a4990abb701feab8300e2b0e868d0
  • SSDEEP: 3072:NJl3jVwJew4sr1Nwgb3a3+X13XRzrgHq/Wp+YmKfxgQL:NT5w4srHN7aOl3BzrUmKy0

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory