General

  • Target

    b34d9972dcced7d158a51b6e71576bdfccd3dad3e07ec187921ec0b34d91383eN

  • Size

    90KB

  • Sample

    241110-cqqcjsxdjj

  • MD5

    adc1afbef5dda6f3f71d81183630c840

  • SHA1

    696e237ff4ed683a476b45327c2fd0ce43bf9fb9

  • SHA256

    b34d9972dcced7d158a51b6e71576bdfccd3dad3e07ec187921ec0b34d91383e

  • SHA512

    5dff13c0226cd7181eceb15ef7ec16de1edf2b0faa7e43f06dcac353f43623b346a72e893657c1f8d476307d40889c29cb5ccf195e253ef9c3b2462e181adb88

  • SSDEEP

    1536:2p9TtLrLbB4nPLiVuneq+f32z6+aMMNxqYWj+VEMGau/Ub0VkVNK:2vTt3L+PWVueq+/Y6+aM6qYgMGau/Ubi

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b34d9972dcced7d158a51b6e71576bdfccd3dad3e07ec187921ec0b34d91383eN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks