General

  • Target

    a5c5b81e90a0fb5d629e9f61a46c7c2a6e0eeea3a09fd3e4b7ef4790fbd08bd9

  • Size

    128KB

  • Sample

    241110-bp6gpswenm

  • MD5

    c6780b428c2640b4bf8012779bed084b

  • SHA1

    f2d9217a354eed3ba0da239dc61a55895376f394

  • SHA256

    a5c5b81e90a0fb5d629e9f61a46c7c2a6e0eeea3a09fd3e4b7ef4790fbd08bd9

  • SHA512

    d28e95c74ad78250f995c2a641aafffa6a44dde2a8bc62057de64b3c03a257a2dea2e67dc4d4795eb9c7b12e1f8e0b669bd486ce6aec3861d4f4fafef1f9802c

  • SSDEEP

    3072:8k3Ws5aX1SgF0+upGh+URDd1AZoUBW3FJeRuaWNXmgu+tB:vm2+SQRh+UJdWZHEFJ7aWN1B

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a5c5b81e90a0fb5d629e9f61a46c7c2a6e0eeea3a09fd3e4b7ef4790fbd08bd9

    • Size

      128KB

    • MD5

      c6780b428c2640b4bf8012779bed084b

    • SHA1

      f2d9217a354eed3ba0da239dc61a55895376f394

    • SHA256

      a5c5b81e90a0fb5d629e9f61a46c7c2a6e0eeea3a09fd3e4b7ef4790fbd08bd9

    • SHA512

      d28e95c74ad78250f995c2a641aafffa6a44dde2a8bc62057de64b3c03a257a2dea2e67dc4d4795eb9c7b12e1f8e0b669bd486ce6aec3861d4f4fafef1f9802c

    • SSDEEP

      3072:8k3Ws5aX1SgF0+upGh+URDd1AZoUBW3FJeRuaWNXmgu+tB:vm2+SQRh+UJdWZHEFJ7aWN1B

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks