General

  • Target: b355b55cfdca693a07b4697bdeda99139d0979f6932bfd5304ae7aa99695e7e7N

  • Size: 90KB

  • Sample: 241110-mwxzpavkfy

  • MD5: 860fc2516f37031af4326fcc089acfa0

  • SHA1: 89893157c6a9d825562e2b5dc3da4d862e65c67d

  • SHA256: b355b55cfdca693a07b4697bdeda99139d0979f6932bfd5304ae7aa99695e7e7

  • SHA512: 8a823a9b937f5896f678d372bf9e6c48fa079c5327e8e2066cc6df1786a87ab08ff16d288d6b3aacfefde57bd527b05aed0a3220991c0468b172d9f012f0726c

  • SSDEEP: 1536:nF2o9NT977jYMcp/kFINV9owi3cV/RmL7W7kqoeGIu/Ub0VkVNK:n9NT91+4INVCv3cVJm6oeGIu/Ub0+NK

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15