General

  • Target

    be444f726afea3686b24e3f51b13d4385d04a68c37abfac2ef5984fbd014c496

  • Size

    161KB

  • Sample

    241110-cnkz2sxcpj

  • MD5

    c98e65d1f7d52ae2181b6b354482fa1c

  • SHA1

    16f8306c38cb7a30e6a36ed351988a833a9ae35c

  • SHA256

    be444f726afea3686b24e3f51b13d4385d04a68c37abfac2ef5984fbd014c496

  • SHA512

    c3b45f8303ab9c85ecee4ef1dbfdc33b64e7d1b55019626c21f67577b06588fb5055c4755d1de116fa79c8a388756e677b51bebb9011e696b4e0f655778b61ab

  • SSDEEP

    3072:GKYut2TBB/kn8TXMkbVwtCJXeex7rrIRZK8K8/kv:RtYnLMkbVwtmeetrIyR

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
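The extracted C2 entries are printf-style templates: the bot fills each %s / %i / %09u / %02d field at runtime, and the host "f" is how the extractor rendered the placeholder for the real server. A practical use of these strings is turning them into proxy-log detections. The following is an added example (not part of the report and not the sample's code) that converts each template into an anchored regex over the request path and query, ignoring the host, and runs it over a few constructed proxy log lines. The log lines and the IP addresses in them are made up for the example.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates exactly as extracted from the sample (see the report above).
# The host "f" is the extractor's placeholder; the bot fills the real host at
# runtime, so only the path and query shape are matched below.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion specs present in the templates: %s, %i, %09u, %02d
_SPEC = re.compile(r"%(\d*)([sidu])")


def _spec_to_regex(width, conv):
    """Translate one printf conversion into a regex fragment."""
    if conv == "s":
        return r"[^:\s&]+"                  # one field; ':' is the bot's delimiter
    if width:
        return r"\d{%d}" % int(width)       # zero-padded fixed width (%09u, %02d)
    return r"-?\d+" if conv in "id" else r"\d+"


def template_to_regex(template):
    """Build an anchored regex over 'path?query' from a C2 template string."""
    path = template.split("/", 3)[3]        # strip scheme and placeholder host
    pieces, pos = [], 0
    for m in _SPEC.finditer(path):
        pieces.append(re.escape(path[pos:m.start()]))   # literal text between specs
        pieces.append(_spec_to_regex(m.group(1), m.group(2)))
        pos = m.end()
    pieces.append(re.escape(path[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


COMPILED = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def match_c2(url):
    """Return the C2 template a request URL matches, or None."""
    parts = urlsplit(url)
    target = parts.path.lstrip("/")
    if parts.query:
        target += "?" + parts.query
    for template, rx in COMPILED:
        if rx.match(target):
            return template
    return None


_URL = re.compile(r"https?://\S+")


def find_beacons(log_text):
    """Scan proxy log text; return (line_no, url, template) for every C2 hit."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for url in _URL.findall(line):
            template = match_c2(url)
            if template:
                hits.append((n, url, template))
    return hits


# Constructed proxy log lines (not real traffic) used to exercise the matcher.
# Line 1 is a well-formed piplog beacon, line 2 a command poll, line 3 benign,
# line 4 a request to the right path whose query does not fit the template.
SAMPLE_PROXY_LOG = """\
1731240001.123 10.0.0.5 GET http://203.0.113.7/piplog.php?WKSTN-01:1:0:admin:000012345:3:12:00:01 200
1731240002.456 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200
1731240003.789 10.0.0.6 GET http://www.example.com/index.php?id=12 200
1731240004.012 10.0.0.5 GET http://203.0.113.7/piplog.php?notabeacon 404
"""

if __name__ == "__main__":
    for line_no, url, template in find_beacons(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: {url}  <-  {template}")
```

Matching on path and query shape rather than on the host is deliberate: the config only shows the placeholder host, and the same path template is what survives a C2 host change. The %s fields are kept narrow (no ':' and no whitespace) so that a short, unrelated query on a file that happens to be named piplog.php does not fire.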

Targets

    • Target

      be444f726afea3686b24e3f51b13d4385d04a68c37abfac2ef5984fbd014c496

    • Size

      161KB

    • MD5

      c98e65d1f7d52ae2181b6b354482fa1c

    • SHA1

      16f8306c38cb7a30e6a36ed351988a833a9ae35c

    • SHA256

      be444f726afea3686b24e3f51b13d4385d04a68c37abfac2ef5984fbd014c496

    • SHA512

      c3b45f8303ab9c85ecee4ef1dbfdc33b64e7d1b55019626c21f67577b06588fb5055c4755d1de116fa79c8a388756e677b51bebb9011e696b4e0f655778b61ab

    • SSDEEP

      3072:GKYut2TBB/kn8TXMkbVwtCJXeex7rrIRZK8K8/kv:RtYnLMkbVwtmeetrIyR

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
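The three behaviours above (an autorun entry that Explorer.exe loads, a dropped DLL, a file written into System32) describe what to look for on a host suspected of running this sample. The following is an added example, not code from the report or from the sample, of a host check that enumerates the registry locations Explorer.exe loads at shell start, resolves each CLSID to its InprocServer32 module, hashes the module and compares it with the SHA256 from this report. The report does not say which key the sample writes, so the list of keys is an assumption covering the usual Explorer-loaded extension points; the registry walk needs Windows, while classify() is portable and is the part exercised by the sample inputs.

```python
import hashlib
import os
import sys

# SHA256 of the analysed file, taken from the report above.
IOC_SHA256 = {"be444f726afea3686b24e3f51b13d4385d04a68c37abfac2ef5984fbd014c496"}

# Registry locations whose COM entries Explorer.exe loads when the shell starts.
# ASSUMPTION: the report does not name the key this sample writes; this list
# covers the common Explorer-loaded extension points rather than a known one.
EXPLORER_AUTORUN_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers",
]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(module_path, module_sha256, ioc_sha256=IOC_SHA256):
    """Decide what to report for one Explorer-loaded module.

    Returns a short reason string, or None when the entry matches nothing.
    A module living in System32 is not itself a signal (Windows' own shell
    extensions live there too); only a dangling CLSID, a missing file or an
    IOC hash match is reported.
    """
    if module_path is None:
        return "clsid-without-module"       # registered CLSID with no InprocServer32
    if module_sha256 is None:
        return "module-missing-on-disk"     # path registered but file not present
    if module_sha256.lower() in ioc_sha256:
        return "ioc-hash-match"
    return None


def resolve_clsid(clsid):
    """Map a CLSID to its InprocServer32 module path (HKCR); None if unregistered."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "CLSID\\" + clsid + "\\InprocServer32") as k:
            path, _ = winreg.QueryValueEx(k, "")
    except OSError:
        return None
    return os.path.expandvars(path)


def _clsids_under(hive, key_path):
    """Yield (name, CLSID) from both the values and the subkeys of an autorun key."""
    import winreg
    try:
        key = winreg.OpenKey(hive, key_path)
    except OSError:
        return
    with key:
        i = 0
        while True:     # ShellServiceObjectDelayLoad stores name -> CLSID as values
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:
                break
            i += 1
            if isinstance(data, str) and data.startswith("{"):
                yield name, data
        i = 0
        while True:     # ShellExecuteHooks and overlay handlers use the CLSID as subkey name
            try:
                sub = winreg.EnumKey(key, i)
            except OSError:
                break
            i += 1
            if sub.startswith("{"):
                yield sub, sub


def scan_explorer_autoruns():
    """Enumerate Explorer-loaded COM entries, hash their modules, classify each."""
    import winreg
    results = []
    for key_path in EXPLORER_AUTORUN_KEYS:
        for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
            for name, clsid in _clsids_under(hive, key_path):
                module = resolve_clsid(clsid)
                digest = sha256_file(module) if module and os.path.isfile(module) else None
                results.append((key_path, name, clsid, module, digest, classify(module, digest)))
    return results


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("the registry walk needs Windows; classify() is the portable part")
    for key_path, name, clsid, module, digest, verdict in scan_explorer_autoruns():
        if verdict:
            print(verdict, key_path, name, clsid, module, digest)
```

Run it as an administrator so both hives and every InprocServer32 path resolve. The hash match is the only verdict tied to this sample; the two other verdicts are generic hygiene signals that also catch a dropped DLL that has since been deleted or a CLSID registered without a module.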

MITRE ATT&CK Enterprise v15

Tasks