General

  • Target: f33379182885552dd6fa4232fbbc47da4b7ba4191df6f40c37ce4f9df3a43eeaN
  • Size: 109KB
  • Sample: 241110-q1q9gsxlbs
  • MD5: 4bda815e11ad2d7514cd8d1884631b20
  • SHA1: 71f30b43dd36953c5533dab2ecd41550a922d915
  • SHA256: f33379182885552dd6fa4232fbbc47da4b7ba4191df6f40c37ce4f9df3a43eea
  • SHA512: 8faa04468846e50454c6221e36eb7290dbe27139148cd6dee80a41ea8d3f5bda6f28ba89ae670376a3b7974c14b4e2fab842d30c2dc3938dbe94de19d9a3213c
  • SSDEEP: 3072:X85G8JXkExYcb7dY0J9rLCqwzBu1DjHLMVDqqkSpR:o/Kq7FJ93wtu1DjrFqhz

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm
  • http://f/ppslog.php
  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: f33379182885552dd6fa4232fbbc47da4b7ba4191df6f40c37ce4f9df3a43eeaN (109KB; hashes as listed under General)

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks