General

  • Target: 9243807c70c5582a3e00c82bbd4af1cfff9e00d4d959b26ae5e0b4a2bc008bf5N
  • Size: 90KB
  • Sample: 241110-mvx83avfml
  • MD5: 165f484106270b181dd571a9a7fce4b0
  • SHA1: a9baa28f9fd4244417783d667d52dc56d48b5c18
  • SHA256: 9243807c70c5582a3e00c82bbd4af1cfff9e00d4d959b26ae5e0b4a2bc008bf5
  • SHA512: 829e21147eabeb512f2b4ec3557a339c24915ed28d88969a201eb461a529cd5deee8473ecbac65fab23f2290babeb3a1b38d41417c9fea06d8cb764caddbb923
  • SSDEEP: 1536:+4ZvT7W9QaOww7uMEKcTlwveCsbIp80bTpNS/IKmjaDDDDDDDDDDDDDDDDDDDDDU:LrLaOw/322Cv1Y6ekSbVU/4kT0Yxj

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 9243807c70c5582a3e00c82bbd4af1cfff9e00d4d959b26ae5e0b4a2bc008bf5N (hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks