General

  • Target: 0eca603c2f6af6696da1c4f8d040c83a3fb554fb13ea2347ca43d0f3c0fa6cf1N
  • Size: 1024KB
  • Sample: 241110-d62aesyglh
  • MD5: b71d050c84607760819f192d61226e20
  • SHA1: 72b3878973efff8f5d5918b08e851066164f6488
  • SHA256: 0eca603c2f6af6696da1c4f8d040c83a3fb554fb13ea2347ca43d0f3c0fa6cf1
  • SHA512: 38207a4c9d934c03261d29ed834d9815378a89ebae8071e218405acf27de8e3fbbf9b95b04e4a8e14fdf70c90e575099cf5e9fc544cb13b74fabe693e51e1877
  • SSDEEP: 12288:wj9EWSkY660fIaDZkY660f8jTK/XhdAwlt01PBExKN4P6IfKTLR+6CwUkEoH:wMgsaDZgQjGkwlks/6HnEO

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 0eca603c2f6af6696da1c4f8d040c83a3fb554fb13ea2347ca43d0f3c0fa6cf1N

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15