General

  • Target: ad03dd75477ee0b95e5f0e6a0a4176c9e6722e52b274b9bfe5a23f49b04e00feN
  • Size: 117KB
  • Sample: 241110-csnxhaxerg
  • MD5: f208a0b99e1015c2e94b5d5ddd19fe00
  • SHA1: 8c95ec48d29c4d2e5afc26437bc0b411432578b6
  • SHA256: ad03dd75477ee0b95e5f0e6a0a4176c9e6722e52b274b9bfe5a23f49b04e00fe
  • SHA512: fd66c912587fa06b931ec14c028fc67112d76b5e6b80de105ee2583a51b65047898fb24f7039e25536aa17c2fe62478c27c861bfd6e71395282421b3a6172d58
  • SSDEEP: 3072:QCMoaXLKM2mmcYjM9gHE1dA8xCWT8FFfUrQlM:Q7zwTfMQ

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: ad03dd75477ee0b95e5f0e6a0a4176c9e6722e52b274b9bfe5a23f49b04e00feN (size and hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks