General

  • Target

    76c06b022bdd89e7520e0dca4dce6cf532cf222dad754842d10c252c3a71badeN

  • Size

    1.6MB

  • Sample

    241110-cqhmpsxcrp

  • MD5

    dc790038d88f8e8abd63b87f46727ec0

  • SHA1

    2a6be8a0b0e2b5c69399863f11dceab824abc306

  • SHA256

    76c06b022bdd89e7520e0dca4dce6cf532cf222dad754842d10c252c3a71bade

  • SHA512

    6335914eae0ab0e86545799fdcadbfec0f0c06d3972a37aa4ec03846e9781576d4fdc1ae6d49689b2882d113da793bcdf7dae89e80e66bfee0e7ecd2923c9102

  • SSDEEP

    49152:p0SqigTG+g+h6dvrBV1gerPxHxmbuio8g3Qy0HyNtK35KOdSTG+g+h6dvrBV1geD:p0ggk7kv

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
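
The third URL above is a printf-style template, so the string as extracted never appears on the wire: the backdoor fills in the %s/%i/%09u/%02d fields at run time, and the host part "f" is kept here as the sandbox reported it. The example below is added to this page and is not the sandbox's own code; it turns each template into an anchored regex over path+query and runs it over a constructed proxy log (the log lines, the client addresses and the server 203.0.113.7 are made up, and the choice to match on path and query only because the host is unresolved is an assumption).

```python
import re
from urllib.parse import urlsplit

# C2 URL templates exactly as the sandbox extracted them from this sample.
# The host "f" is kept as reported and assumed unresolved, so matching is
# done on the path+query part of each request only.
BERBEW_C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_SPEC = re.compile(r"%(\d*)([sdiu])")


def _spec_to_regex(width: str, conv: str) -> str:
    """Translate one printf conversion into a regex fragment.

    Assumptions: %s fields carry no whitespace or ':' (the template's own
    delimiter), numeric fields are plain ASCII digits, and a width such as
    "09" or "02" means zero padding, i.e. at least that many digits.
    """
    if conv == "s":
        return r"[^\s:]*"
    min_digits = int(width) if width else 1
    sign = "" if conv == "u" else "-?"
    return rf"{sign}\d{{{min_digits},}}"


def template_to_regex(template: str) -> re.Pattern:
    """Build an anchored regex for the path+query part of a C2 template."""
    parts = urlsplit(template)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    out, pos = [], 0
    for m in _SPEC.finditer(target):
        out.append(re.escape(target[pos:m.start()]))   # literal text
        out.append(_spec_to_regex(m.group(1), m.group(2)))  # one conversion
        pos = m.end()
    out.append(re.escape(target[pos:]))
    return re.compile("^" + "".join(out) + "$")


C2_PATTERNS = [(t, template_to_regex(t)) for t in BERBEW_C2_TEMPLATES]


def match_proxy_log(lines):
    """Return (client, url, template) for each request matching a template.

    Expects lines of the form: <ts> <client> <method> <url> <status>
    (a constructed format for this example, not a real proxy's).
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        p = urlsplit(url)
        target = p.path + (f"?{p.query}" if p.query else "")
        for template, rx in C2_PATTERNS:
            if rx.match(target):
                hits.append((client, url, template))
                break
    return hits


# Constructed proxy log: lines 1, 2 and 4 are beacons shaped like the
# templates; line 3 is the path without the query and line 5 has a
# non-numeric field where %i is expected, so neither should match.
SAMPLE_PROXY_LOG = """\
1731240000.123 10.0.0.12 GET http://203.0.113.7/wcmd.htm 200
1731240001.456 10.0.0.12 GET http://203.0.113.7/piplog.php?WKSTN-07:1:0:admin:000012345:6:11:10:08 200
1731240002.789 10.0.0.15 GET http://203.0.113.7/piplog.php 404
1731240003.001 10.0.0.15 GET http://203.0.113.7/ppslog.php 200
1731240004.002 10.0.0.20 GET http://203.0.113.7/piplog.php?x:notanumber 200
""".splitlines()

if __name__ == "__main__":
    for client, url, template in match_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url}  (template: {template})")
```

The paths wcmd.htm and ppslog.php are short enough to collide with unrelated sites, so in production the path match should be combined with the piplog.php query shape or with a resolved host before it is treated as a confirmed beacon.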

Targets

    • Target

      76c06b022bdd89e7520e0dca4dce6cf532cf222dad754842d10c252c3a71badeN

    • Size

      1.6MB

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
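
The four signatures above describe one chain: the sample writes files into System32, registers an autorun point that Explorer.exe consults at logon, runs the dropped EXE, and that process loads the dropped DLL. The correlator below is added to this page (it is not the sandbox's detection logic) and reproduces the four checks over a constructed Sysmon-style event stream. The event field names, the dropped file names, the PIDs and the list of Explorer/Winlogon autorun locations are assumptions; the report does not say which key this sample writes.

```python
from collections import defaultdict

# Registry locations Explorer.exe / Winlogon consult at logon. Assumed hunt
# set for this example; the report does not name the key the sample uses.
EXPLORER_AUTORUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

SIG_DROP_SYS32 = "Drops file in System32 directory"
SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"


def correlate(events, root_image):
    """Map signature name -> event seq numbers that fired it.

    Only events from the process tree rooted at root_image count, so a
    servicing process writing into System32 does not trigger the drop rule.
    """
    tree = set()        # PIDs belonging to the sample's process tree
    dropped = {}        # lowercased path -> PID that created it
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["seq"]):
        kind = ev["type"]
        if kind == "process_create":
            image = ev["image"].lower()
            if image == root_image.lower() or ev.get("ppid") in tree:
                tree.add(ev["pid"])
                if image in dropped:
                    hits[SIG_EXEC_DROPPED].append(ev["seq"])
            continue
        if ev["pid"] not in tree:
            continue
        if kind == "file_create":
            path = ev["target"].lower()
            dropped[path] = ev["pid"]
            if path.startswith(SYSTEM32_PREFIX):
                hits[SIG_DROP_SYS32].append(ev["seq"])
        elif kind == "image_load":
            if ev["image"].lower() in dropped:
                hits[SIG_LOAD_DROPPED].append(ev["seq"])
        elif kind == "registry_set":
            key = ev["key"].lower()
            if any(key.startswith(k.lower()) for k in EXPLORER_AUTORUN_KEYS):
                hits[SIG_AUTORUN].append(ev["seq"])
    return dict(hits)


# Constructed event stream (not real telemetry). PID 900 is an unrelated
# servicing process; PID 4188 is the dropped EXE started by the sample.
ROOT_IMAGE = r"C:\Users\a\Downloads\sample.exe"
EVENTS = [
    {"seq": 1, "type": "process_create", "pid": 4100, "ppid": 3000, "image": ROOT_IMAGE},
    {"seq": 2, "type": "file_create", "pid": 4100, "target": r"C:\Windows\System32\dropped1.exe"},
    {"seq": 3, "type": "file_create", "pid": 4100, "target": r"C:\Windows\System32\dropped1.dll"},
    {"seq": 4, "type": "registry_set", "pid": 4100,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Example",
     "value": "{00000000-0000-0000-0000-000000000000}"},
    {"seq": 5, "type": "process_create", "pid": 4188, "ppid": 4100, "image": r"C:\Windows\System32\dropped1.exe"},
    {"seq": 6, "type": "image_load", "pid": 4188, "image": r"C:\Windows\System32\dropped1.dll"},
    {"seq": 7, "type": "image_load", "pid": 4188, "image": r"C:\Windows\System32\kernel32.dll"},
    {"seq": 8, "type": "file_create", "pid": 900, "target": r"C:\Windows\System32\catroot2\update.cat"},
]

if __name__ == "__main__":
    for name, seqs in correlate(EVENTS, ROOT_IMAGE).items():
        print(f"{name}: events {seqs}")
```

Scoping every rule to the sample's process tree is what keeps the System32 drop rule usable on a real host, where Windows servicing writes there constantly; the same scoping is why the correlator needs process_create events before any file or registry events from the child.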

MITRE ATT&CK Enterprise v15

Tasks