General

  • Target

    bfaaae65d1af3926cb1694e354fcd31fd6f620ae51c60ac39b0b95e94eb7b326

  • Size

    211KB

  • Sample

    241110-cqr65swqfw

  • MD5

    e433aef3263fb2c5a127391bf6dc8e56

  • SHA1

    d33d1f309950e0469eb2a24d4819958463b4ed9b

  • SHA256

    bfaaae65d1af3926cb1694e354fcd31fd6f620ae51c60ac39b0b95e94eb7b326

  • SHA512

    e76181ecf1fc786c972a31c6d0c021205b3d9b60eebe87cb58fc21e5391814054017ae1670f23413adff3562e33d175189d00f29aadcaab483bb0795bfcc4505

  • SSDEEP

    6144:bH19T90EKHWE7eYr75lHzpaF2e6UK+42GTQMJSZO5f7M0rx7/N:b90JHP7eYr75lTefkY660fII

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The third entry is a printf-style template: the %s, %i, %09u and %02d fields are filled in by the sample at runtime before the request is sent, so the literal string above will not appear in proxy or DNS logs as written. The single-character host shown ("f") is not a resolvable indicator on its own; match on the URL paths (/wcmd.htm, /ppslog.php, /piplog.php?) instead.
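As an added worked example (not part of the sandbox report or of the Berbew family's own code), the Python below turns the indicators on this page into a small offline triage check: it hashes a file and compares the digests against the report's MD5/SHA1/SHA256/SHA512, scans the file for the config URL paths (as ASCII and as UTF-16LE), and matches proxy-log URLs on the path component so the runtime-filled piplog.php query string does not defeat the check. The proxy-log lines are constructed for the example, and `triage`, `match_c2_urls` and the other function names are this example's own.

```python
import hashlib
import re

# Indicators copied from the report above (digests of the analysed sample).
IOC_HASHES = {
    "md5": "e433aef3263fb2c5a127391bf6dc8e56",
    "sha1": "d33d1f309950e0469eb2a24d4819958463b4ed9b",
    "sha256": "bfaaae65d1af3926cb1694e354fcd31fd6f620ae51c60ac39b0b95e94eb7b326",
    "sha512": "e76181ecf1fc786c972a31c6d0c021205b3d9b60eebe87cb58fc21e5391814054"
              "017ae1670f23413adff3562e33d175189d00f29aadcaab483bb0795bfcc4505",
}

# URL paths from the extracted config. Only the path is matched: the host in
# the report ("f") is not a usable indicator, and the piplog.php entry is a
# printf-style template whose query string is built at runtime.
C2_PATHS = [b"/wcmd.htm", b"/ppslog.php", b"/piplog.php?"]

# Constructed proxy-log lines for the example (not from the report).
SAMPLE_PROXY_LOG = """\
2024-11-10T12:00:01Z 10.0.0.5 GET http://example.invalid/piplog.php?WIN-ABC:1:0:x:000000001:1:12:00:01 200
2024-11-10T12:00:02Z 10.0.0.5 GET http://example.invalid/index.html 200
2024-11-10T12:00:03Z 10.0.0.6 GET http://example.invalid/wcmd.htm 404
"""


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def match_hashes(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Return the names of the algorithms whose digest of data equals an IOC."""
    digests = file_hashes(data)
    return [name for name, value in iocs.items() if digests.get(name) == value.lower()]


def match_c2_strings(data: bytes, paths=C2_PATHS) -> list:
    """Return the config path strings present in data, as ASCII or UTF-16LE."""
    hits = []
    for path in paths:
        if path in data or path.decode().encode("utf-16-le") in data:
            hits.append(path.decode())
    return hits


# Path-only match; the piplog.php query is accepted with any runtime contents.
_C2_URL = re.compile(r"https?://[^\s/]+/(?:wcmd\.htm|ppslog\.php|piplog\.php\?\S*)")


def match_c2_urls(log_text: str) -> list:
    """Return every URL in log_text whose path matches one of the config paths."""
    return [m.group(0) for m in _C2_URL.finditer(log_text)]


def triage(data: bytes) -> dict:
    """Combine the hash comparison and the embedded-string scan for one file."""
    return {
        "hash_matches": match_hashes(data),
        "c2_strings": match_c2_strings(data),
    }


if __name__ == "__main__":
    import sys

    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print(triage(blob))
    print(match_c2_urls(SAMPLE_PROXY_LOG))
```

Run it as `python triage.py <file>` to hash a suspect file against the report and look for the config paths inside it; feed real proxy-log text to `match_c2_urls` to find beacons that share the paths regardless of the host or the runtime-generated query.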

Targets

    • Target

      bfaaae65d1af3926cb1694e354fcd31fd6f620ae51c60ac39b0b95e94eb7b326

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
