General

  • Target

    ada8e83bdae652c11dc53484f242cb174f04bc842da7841bcf14d519f85a0bd1N

  • Size

    76KB

  • Sample

    241110-bqrd6syqhr

  • MD5

    3d75a343b704d7ba8502755a84153f60

  • SHA1

    4dc12214f3202adc19f987697ca697ce4285dbd4

  • SHA256

    ada8e83bdae652c11dc53484f242cb174f04bc842da7841bcf14d519f85a0bd1

  • SHA512

    5ff493e347edb753d0977ff40c63ddb77c45afb4c6044cd56050a0254954af063a61697fd3b55009403b98719f5300aa181056a375df944b01eec5601d42dcb6

  • SSDEEP

    1536:hI6AOTqmypaOjNihfhM8Ry99jOXYyXP2sS0Cl+K3f5jXGI:TvykOjNihfij9je/m++RjWI

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
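The third C2 entry is not a literal URL but a printf-style template: the backdoor fills the %s/%i/%09u/%02d fields at runtime, so a proxy-log search for the string as printed will never match. The host "f" is whatever the config stores, so the path and the shape of the query are the usable indicators. The following hunting script is an added example, not code from the page or from the Berbew sample: it turns the template into a regular expression, runs it over constructed proxy log lines, and tiers the hits (a full template match versus a bare path match). The assumptions it makes are that %s fields contain no ':' (':' is the separator in the template) and that the proxy logs the full request URL.

```python
import re

# Check-in URL template as printed in the extracted config above. The host "f"
# is a placeholder from the config; the path and query shape are what we key on.
PIPLOG_TEMPLATE = "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"

# Other C2 paths from the same config (matched on path only, so weaker evidence).
C2_PATHS = ("/wcmd.htm", "/ppslog.php", "/piplog.php")

# printf conversion -> regex fragment. Assumption: %s never contains ':' because
# ':' is the field separator in the template.
_CONV = {
    "%s": r"[^:&\s]+",
    "%i": r"-?\d+",
    "%09u": r"\d{9}",
    "%02d": r"\d{2}",
}


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Compile a printf-style URL template into a regex.

    Literal text is escaped; each %-conversion becomes a capture group. The
    scheme and host are dropped so the pattern matches regardless of which
    server the sample was configured to call.
    """
    path_and_query = template.split("/", 3)[3]  # drop "http://host/"
    pattern, pos = "", 0
    for m in re.finditer(r"%0?\d*[sidu]", path_and_query):
        pattern += re.escape(path_and_query[pos:m.start()])
        conv = m.group(0)
        if conv not in _CONV:
            raise ValueError(f"unhandled printf conversion {conv}")
        pattern += "(" + _CONV[conv] + ")"
        pos = m.end()
    pattern += re.escape(path_and_query[pos:])
    # URL must end here (or be followed by whitespace/quote in the log line).
    return re.compile(pattern + r'(?=[\s"]|$)')


PIPLOG_RE = template_to_regex(PIPLOG_TEMPLATE)


def hunt(log_lines):
    """Return (index, reason, captured_fields) for every line that hits an IOC.

    A template match is strong evidence; a bare path match is weak, because
    'piplog.php' or 'wcmd.htm' can exist on unrelated servers.
    """
    hits = []
    for i, line in enumerate(log_lines):
        url_m = re.search(r"\bhttps?://\S+", line)
        if not url_m:
            continue
        url = url_m.group(0)
        m = PIPLOG_RE.search(url)
        if m:
            hits.append((i, "piplog beacon", m.groups()))
        elif any(url.split("?", 1)[0].endswith(p) for p in C2_PATHS):
            hits.append((i, "c2 path (weak)", ()))
    return hits


# Constructed Squid-style access log lines for the demo (not real traffic).
SAMPLE_LOGS = [
    "1731240001.123 45 10.0.0.5 TCP_MISS/200 512 GET "
    "http://intranet.example/piplog.php?report=1 - HIER_DIRECT/10.0.0.9 text/html",
    "1731240002.456 30 10.0.0.7 TCP_MISS/200 128 GET "
    "http://198.51.100.23/piplog.php?WIN-4F2K1A:5:1:Admin:000123456:2:12:34:56"
    " - HIER_DIRECT/198.51.100.23 text/html",
    "1731240003.789 30 10.0.0.7 TCP_MISS/200 64 GET "
    "http://198.51.100.23/wcmd.htm - HIER_DIRECT/198.51.100.23 text/html",
    "1731240004.000 30 10.0.0.8 TCP_MISS/200 64 GET "
    "http://www.example.org/index.html - HIER_DIRECT/203.0.113.9 text/html",
]

if __name__ == "__main__":
    for idx, reason, fields in hunt(SAMPLE_LOGS):
        print(f"line {idx}: {reason} {fields}")
```

The first constructed line shows why the tiering matters: a request for /piplog.php with an unrelated query is flagged only as a weak path hit, while the second line, whose query has exactly nine colon-separated fields of the right widths, is reported as a beacon with the fields captured for the analyst.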

Targets

    • Target

      ada8e83bdae652c11dc53484f242cb174f04bc842da7841bcf14d519f85a0bd1N

    • Size

      76KB

    • MD5

      3d75a343b704d7ba8502755a84153f60

    • SHA1

      4dc12214f3202adc19f987697ca697ce4285dbd4

    • SHA256

      ada8e83bdae652c11dc53484f242cb174f04bc842da7841bcf14d519f85a0bd1

    • SHA512

      5ff493e347edb753d0977ff40c63ddb77c45afb4c6044cd56050a0254954af063a61697fd3b55009403b98719f5300aa181056a375df944b01eec5601d42dcb6

    • SSDEEP

      1536:hI6AOTqmypaOjNihfhM8Ry99jOXYyXP2sS0Cl+K3f5jXGI:TvykOjNihfij9je/m++RjWI

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks