General

  • Target: 6d50ca64119eb3226c194c91b687560049b23eea34f392bbf1cb09a85e33a675N
  • Size: 336KB
  • Sample: 241110-ntdcyawcmq
  • MD5: bd6b4e5ff4f39f55715a50d5a7eaf570
  • SHA1: abe7fc83da878f3e4ddeb1efba3a55c0c85de19c
  • SHA256: 6d50ca64119eb3226c194c91b687560049b23eea34f392bbf1cb09a85e33a675
  • SHA512: 1762c055eaba1d796a6b234558f9cfa5e7981b5c06f626aaf67e4e8f4ee892e209d90c88933fa1e2272fdbd842ddf2f3a6e41ed21de3f06c7819472cbb477f94
  • SSDEEP: 6144:vcWlCRx7F67aOl3BzrUmKyIxLfYeOO9UmKyIxLiajOE:vLCRi7aOlxzr3cOK3Taj

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

  • Target: 6d50ca64119eb3226c194c91b687560049b23eea34f392bbf1cb09a85e33a675N
  • Size: 336KB
  • MD5: bd6b4e5ff4f39f55715a50d5a7eaf570
  • SHA1: abe7fc83da878f3e4ddeb1efba3a55c0c85de19c
  • SHA256: 6d50ca64119eb3226c194c91b687560049b23eea34f392bbf1cb09a85e33a675
  • SHA512: 1762c055eaba1d796a6b234558f9cfa5e7981b5c06f626aaf67e4e8f4ee892e209d90c88933fa1e2272fdbd842ddf2f3a6e41ed21de3f06c7819472cbb477f94
  • SSDEEP: 6144:vcWlCRx7F67aOl3BzrUmKyIxLfYeOO9UmKyIxLiajOE:vLCRi7aOlxzr3cOK3Taj

  Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup
  • Berbew
    Berbew is a backdoor written in C++.
  • Berbew family
  • Executes dropped EXE
  • Loads dropped DLL
  • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
