General

  • Target: b830ed8e8a987d5be007c8ca17e270475767f549f1fff3a59fe380fe5f473c60N
  • Size: 276KB
  • Sample: 241110-nt9fdawcpq
  • MD5: d4e9cd5c8841cd26309ea4823331c8f0
  • SHA1: e8e48fb2a2e35de1f03435e4372899be04da0886
  • SHA256: b830ed8e8a987d5be007c8ca17e270475767f549f1fff3a59fe380fe5f473c60
  • SHA512: 07f02c40deb5f5b3246c33dde5678d71acb8f6f73a440343ecbd6b67a2cad93ef3bbe70e46723df02c6775046c404b7239ceedd52c27f5917de65576719ddc3a
  • SSDEEP: 3072:iR69Eel415kYE3GDd1AZoUBW3FJeRuaWNXmgu+tAcrbFAJc+RsUi1aVDkOvhJjvc:QTnE3EdWZHEFJ7aWN1rtMsQBOSGaF+

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm
  • http://f/ppslog.php
  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks