General

  • Target

    293ec13a70ec15b95b3c81807b81b2d075c51872f8cdfc831ad3fbcd2b167a8eN

  • Size

    159KB

  • Sample

    241110-p81bpaxeqd

  • MD5

    28d3890c8888a7e301564c586add4e40

  • SHA1

    b2dac526edc26accc5ee84eeb110a818e31e7779

  • SHA256

    293ec13a70ec15b95b3c81807b81b2d075c51872f8cdfc831ad3fbcd2b167a8e

  • SHA512

    db5f8fb02c8cea888481abdc3a560d1dbc84dbc52f4429776d1d0af0d4235d5cdfc1d12c0cbefcf31ab0aced3b8a4c89789ce7ac02d9c87206b672c4e1186b95

  • SSDEEP

    3072:Mx6+R7JEdc2nmFWK+YfAbwf1nFzwSAJB8FgBY5nd/M9dA:fUp2nG++B1n6xJmPM9dA

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      293ec13a70ec15b95b3c81807b81b2d075c51872f8cdfc831ad3fbcd2b167a8eN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks