General

  • Target: dbd64f7e773e553bb6224eb41057413d2ad36a27e1a8cede089b53989f8647d7
  • Size: 145KB
  • Sample: 241110-dxslxs1qbn
  • MD5: e65036b1d46d44480eee1b6db8d4fc15
  • SHA1: 4f400a3a82678961fc277d861a27d564457ed346
  • SHA256: dbd64f7e773e553bb6224eb41057413d2ad36a27e1a8cede089b53989f8647d7
  • SHA512: 3642a70d8e45821e7a3ef6cac1e3cb61f6e46ca552062a1796404f2a62a295fdeaf2d677307810e077cda94179e982e828c588df5b0c3b90bfef10a7b13d39bc
  • SSDEEP: 3072:moyVLbhHjYBQDzI0gETwSaV60Lt1wBjER:1YLbG8dgEO/IBYR

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks