General

  • Target

    5de7bb36832473af62d079117e472214337cf9b372df8c8daa6ff072a5c3d4b7N

  • Size

    336KB

  • Sample

    241110-nvleyawfle

  • MD5

    65826df7a7abc3a86d973857c97ab320

  • SHA1

    ea2a50e3f8bb9a23e3a135228d1628beed60b9d9

  • SHA256

    5de7bb36832473af62d079117e472214337cf9b372df8c8daa6ff072a5c3d4b7

  • SHA512

    7fa380f11a20266fa41879f866830aeb240af145ad5a858627722ba41df10266a1440654c2a7e22f4e0bb288957aa11b10e87e5deb7f351a303ec9dd81ccadb9

  • SSDEEP

    6144:kQkk5fRB6A7aOl3BzrUmKyIxLfYeOO9UmKyIxLiajOE:kQkkRRBb7aOlxzr3cOK3Taj

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The third entry is a printf-style template exactly as recovered from the binary: the %s, %i, %09u and %02d placeholders are filled in at run time when the beacon is built, so only the path and the field layout (nine colon-separated fields) are stable indicators. The host part, f, is reproduced as the extractor recovered it; a single-letter host is nothing to pivot on, so hunt on the path and query layout rather than on the host.
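
The following is an added example, not code from the report or from the Berbew family itself. It turns the three extracted C2 templates into regular expressions that can be run over proxy logs, and checks a candidate file against the hashes listed above. Assumptions made here: a %s field is taken to contain no colon or whitespace (the template uses ':' as its field separator), a printf width such as 09 or 02 is treated as a minimum digit count, and the log format and the beacon line in SAMPLE_PROXY_LOG are constructed for the demonstration (198.51.100.23 is a documentation address, the field values are invented).

```python
import hashlib
import re

# File hashes and C2 URL templates copied from the report above.
REPORT_HASHES = {
    "md5": "65826df7a7abc3a86d973857c97ab320",
    "sha1": "ea2a50e3f8bb9a23e3a135228d1628beed60b9d9",
    "sha256": "5de7bb36832473af62d079117e472214337cf9b372df8c8daa6ff072a5c3d4b7",
}
C2_PATH_TEMPLATES = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion specifiers that occur in the extracted templates.
_SPEC = re.compile(r"%(\d*)([sdiu])")


def template_to_regex(template: str) -> str:
    """Translate a printf-style URL template into a regular expression.

    %s becomes a run of non-delimiter characters (assumption: the template
    separates fields with ':'), %d/%i a possibly signed integer and %u an
    unsigned one; a width such as 09 or 02 becomes a minimum digit count
    because printf pads to at least that width. Everything else is literal.
    """
    parts, pos = [], 0
    for m in _SPEC.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        min_digits = int(width) if width else 1
        if conv == "s":
            parts.append(r"[^:\s]*")
        elif conv == "u":
            parts.append(r"\d{%d,}" % min_digits)
        else:
            parts.append(r"-?\d{%d,}" % min_digits)
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return "".join(parts)


C2_PATTERNS = [re.compile(template_to_regex(t)) for t in C2_PATH_TEMPLATES]


def classify_request(path_and_query: str):
    """Return the index of the C2 template a request path matches, or None."""
    for i, pattern in enumerate(C2_PATTERNS):
        if pattern.fullmatch(path_and_query):
            return i
    return None


# Constructed proxy log lines for the demonstration. The third line is a
# hypothetical beacon filled in according to the template; the fourth is a
# near miss on the same path that must not match.
SAMPLE_PROXY_LOG = """\
2024-11-10T12:00:01Z 10.0.0.5 GET http://example.invalid/index.html 200
2024-11-10T12:00:02Z 10.0.0.7 GET http://198.51.100.23/wcmd.htm 200
2024-11-10T12:00:03Z 10.0.0.7 GET http://198.51.100.23/piplog.php?WORKSTATION7:5:1:ABCDEF12:000123456:2:12:00:03 200
2024-11-10T12:00:04Z 10.0.0.9 GET http://198.51.100.23/piplog.php?nope 200
"""

# timestamp, client, method, URL (split into host and path+query), status.
_LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) https?://([^/\s]+)(\S*) (\d+)$")


def hunt(log_text: str):
    """Return (timestamp, client, host, template) for every line hitting a template."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_LINE.match(line)
        if not m:
            continue
        ts, client, _method, host, path, _status = m.groups()
        idx = classify_request(path or "/")
        if idx is not None:
            hits.append((ts, client, host, C2_PATH_TEMPLATES[idx]))
    return hits


def file_digests(data: bytes) -> dict:
    """Digests of a candidate file in the algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    return file_digests(data) == REPORT_HASHES


if __name__ == "__main__":
    for hit in hunt(SAMPLE_PROXY_LOG):
        print(hit)
```

Matching on the full path and query with fullmatch, rather than on the host, is deliberate: the recovered host is a single letter, and the query layout (nine colon-separated fields with a nine-digit zero-padded field in the fifth position) is a far more specific indicator than any hostname.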

Targets

    • Target

      5de7bb36832473af62d079117e472214337cf9b372df8c8daa6ff072a5c3d4b7N


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
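
The following is an added example, not code from the report or from the Berbew family. It shows how the three behaviours above (a file dropped in System32, an autorun key Explorer.exe loads, a dropped DLL being loaded) can be correlated from a sandbox's registry and file event stream into a single persistence finding. Assumptions made here: the report does not say which autorun location was written, so EXPLORER_AUTORUN_KEYS is this example's own list of locations Explorer.exe processes at logon; the event record layout and every path, value name and CLSID in SAMPLE_EVENTS are constructed for the demonstration.

```python
import re

# Registry locations Explorer.exe processes at logon. The report only says an
# autorun key loaded by Explorer.exe was added, not which one, so this list is
# an assumption of the example rather than something the report states.
EXPLORER_AUTORUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
SYSTEM32 = "c:\\windows\\system32\\"
CLSID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Hive spellings seen in event logs, folded to one canonical form. HKCR is a
# view over HKLM\SOFTWARE\Classes, so both spellings end up identical.
_HIVE_ALIASES = (
    ("hkey_local_machine\\", "hklm\\"),
    ("hkey_current_user\\", "hkcu\\"),
    ("hkey_classes_root\\", "hkcr\\"),
    ("hkcr\\", "hklm\\software\\classes\\"),
)


def _norm_key(key: str) -> str:
    key = key.lower()
    for alias, canonical in _HIVE_ALIASES:
        if key.startswith(alias):
            key = canonical + key[len(alias):]
    return key


def _norm_path(path: str) -> str:
    """Lower-case and strip surrounding quotes so paths compare reliably."""
    return path.strip().strip('"').lower()


def resolve_clsid(events, clsid: str):
    """Return the InprocServer32 path registered for clsid during the run, if any."""
    target = _norm_key(r"HKCR\CLSID\%s\InprocServer32" % clsid)
    for ev in events:
        if ev["op"] == "reg_set" and ev["value"] == "" and _norm_key(ev["key"]) == target:
            return ev["data"]
    return None


def find_explorer_persistence(events):
    """Correlate System32 file drops with Explorer autorun entries pointing at them."""
    dropped = {
        _norm_path(ev["path"])
        for ev in events
        if ev["op"] == "file_write" and _norm_path(ev["path"]).startswith(SYSTEM32)
    }
    autorun_keys = tuple(_norm_key(k) for k in EXPLORER_AUTORUN_KEYS)
    findings = []
    for ev in events:
        if ev["op"] != "reg_set" or not _norm_key(ev["key"]).startswith(autorun_keys):
            continue
        data = ev["data"]
        # ShellServiceObjectDelayLoad stores a CLSID, so the module has to be
        # resolved through that CLSID's InprocServer32 value; the other keys
        # store a path directly.
        module = resolve_clsid(events, data) if CLSID_RE.match(data) else data
        if module and _norm_path(module) in dropped:
            findings.append({"key": ev["key"], "value": ev["value"], "module": module})
    return findings


# Constructed sandbox events: one System32 drop registered as a COM server and
# hooked into ShellServiceObjectDelayLoad, plus benign noise that must not fire.
SAMPLE_EVENTS = [
    {"op": "file_write", "path": r"C:\Windows\System32\dropped.dll"},
    {"op": "reg_set",
     "key": r"HKLM\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32",
     "value": "", "data": r"C:\Windows\System32\dropped.dll"},
    {"op": "reg_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
     "value": "Example Delay Load", "data": "{00000000-1111-2222-3333-444444444444}"},
    {"op": "reg_set",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\user\AppData\Local\Updater\updater.exe"},
    {"op": "file_write", "path": r"C:\Users\user\AppData\Local\Temp\tmp0001.tmp"},
]

if __name__ == "__main__":
    for finding in find_explorer_persistence(SAMPLE_EVENTS):
        print(finding)
```

The correlation matters more than either signal alone: a write under a Run key or a new InprocServer32 registration is common in legitimate installers, but an autorun entry whose module was itself written into System32 during the same run is the combination the three signatures above describe.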

MITRE ATT&CK Enterprise v15

Tasks