General

  • Target

    8c697e4b47e0676b295043801b8e577dd783c85a073580e61a441c4f706cccacN

  • Size

    96KB

  • Sample

    241110-ms3e1averl

  • MD5

    60d447949b8f29636efce79b552ac440

  • SHA1

    9adffed59dd348c33ae1ff4923d97e358afdc4e3

  • SHA256

    8c697e4b47e0676b295043801b8e577dd783c85a073580e61a441c4f706cccac

  • SHA512

    69a25d470a632fc3b8302f2dd1d85be952c37f1d3fd622cb14e35ee47cec93ca0aff671d817980696d864c4b401ef8cb1c886086b344419b7226f503d664c3e9

  • SSDEEP

    1536:9/MbKEX26wXzgUBqugHQN5KIwMcduV9jojTIvjrH:ibY6wjgU4uDNgIwMcd69jc0vf

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
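The third C2 entry is not a literal URL but a printf-style template the sample fills in at beacon time (hostname-like `%s` fields, integers, a zero-padded `%09u`, and three `%02d` fields that look like a date or time). Added example, not part of the Triage report and not Berbew's own code: the Python below turns all three extracted paths into anchored detection regexes, runs them over a few constructed proxy-log lines, and compares a file's digests with the report's MD5/SHA1/SHA256. It assumes the `f` host in the extracted config is a placeholder left by the config extractor rather than the live hostname, so it matches on path and query only; the log lines and the 203.0.113.10 address are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from the report above.
REPORT_HASHES = {
    "md5": "60d447949b8f29636efce79b552ac440",
    "sha1": "9adffed59dd348c33ae1ff4923d97e358afdc4e3",
    "sha256": "8c697e4b47e0676b295043801b8e577dd783c85a073580e61a441c4f706cccac",
}
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversions present in the beacon template: optional width, then s/d/i/u.
_CONV_RE = re.compile(r"%(\d*)([sdiu])")


def _path_and_query(url: str) -> str:
    """Strip scheme and host; only the path (plus query, if any) is matched."""
    p = urlsplit(url)
    return p.path + ("?" + p.query if p.query else "")


def template_to_regex(template: str) -> re.Pattern:
    """Translate a printf-style C2 URL template into an anchored regex.

    The host is deliberately ignored: the 'f' in the extracted config is assumed
    (assumption, not stated by the report) to be an extractor placeholder.
    """
    target = _path_and_query(template)
    pieces, pos = [], 0
    for m in _CONV_RE.finditer(target):
        pieces.append(re.escape(target[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        min_digits = int(width) if width else 1   # the '0' flag pads to *at least* width
        if conv == "s":
            pieces.append(r"[^:&\s]+")             # fields in this template are ':'-separated
        elif conv == "u":
            pieces.append(r"\d{%d,}" % min_digits)
        else:                                      # d / i are signed
            pieces.append(r"-?\d{%d,}" % min_digits)
        pos = m.end()
    pieces.append(re.escape(target[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


_COMPILED = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def find_beacons(log_lines):
    """Return [(line_no, template)] for every log line whose request matches a C2 template."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for tok in line.split():
            if not tok.startswith(("http://", "https://")):
                continue
            for template, rx in _COMPILED:
                if rx.match(_path_and_query(tok)):
                    hits.append((n, template))
                    break
    return hits


def hash_matches(data: bytes) -> dict:
    """Compare a file's digests with the report's; handy when a feed only carries one algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() == expected
            for alg, expected in REPORT_HASHES.items()}


# Constructed Squid-style proxy-log lines; 203.0.113.10 (TEST-NET-3) stands in for the real C2.
SAMPLE_LOG = [
    "1731200001.123 192.168.1.20 GET http://203.0.113.10/piplog.php?WIN10-PC:1:0:user:000123456:2:11:10:09 - 200",
    "1731200002.456 192.168.1.20 GET http://203.0.113.10/wcmd.htm - 200",
    "1731200003.789 192.168.1.21 GET http://example.com/piplog.php?missing - 404",
    "1731200004.000 192.168.1.22 GET http://example.com/index.html - 200",
]

if __name__ == "__main__":
    for n, template in find_beacons(SAMPLE_LOG):
        print(f"line {n}: matches {template}")
    print(hash_matches(b"not the sample"))
```

Matching on path and query rather than on the host also survives the operator moving the C2 to a new domain or IP, which is the usual reason a hostname-only IOC goes stale within days of a report like this one.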

Targets

    • Target

      8c697e4b47e0676b295043801b8e577dd783c85a073580e61a441c4f706cccacN

    • Size

      96KB

    • MD5

      60d447949b8f29636efce79b552ac440

    • SHA1

      9adffed59dd348c33ae1ff4923d97e358afdc4e3

    • SHA256

      8c697e4b47e0676b295043801b8e577dd783c85a073580e61a441c4f706cccac

    • SHA512

      69a25d470a632fc3b8302f2dd1d85be952c37f1d3fd622cb14e35ee47cec93ca0aff671d817980696d864c4b401ef8cb1c886086b344419b7226f503d664c3e9

    • SSDEEP

      1536:9/MbKEX26wXzgUBqugHQN5KIwMcduV9jojTIvjrH:ibY6wjgU4uDNgIwMcd69jc0vf

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
