General

  • Target

    f5501d9a7eba0c848292515abfed05ad2e6c9905f57511be38eb9d77f2afc5edN

  • Size

    448KB

  • Sample

    241110-qa82lswqdv

  • MD5

    e03bf66065419675c0dfc0edfc2f5850

  • SHA1

    ebcf54373593272594ddda395bbd616e323859e5

  • SHA256

    f5501d9a7eba0c848292515abfed05ad2e6c9905f57511be38eb9d77f2afc5ed

  • SHA512

    ecfca841225c0921569abbc7bd1772d930bfcb4c97b6cc1fbe19be587dd7f06792eec75bdef921ef36ff1adc478d113dddb796a620205148db3a4341d26ba918

  • SSDEEP

    12288:GX8WrLWTeD2kY660fIaDZkY660f8jTK/h://3gsaDZgQjGh

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
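A detection check built from the extracted config above (added example, not code from the report or from the malware). The three URI paths are taken as-is; the query shape for piplog.php is derived from the printf-style format string `%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d`. The host `f` in the extracted URLs looks like a placeholder left by the config extractor, so this matcher ignores the host and keys on path and query shape only. The proxy log lines, client IPs and beacon field values are constructed for the demo.

```python
"""Flag Berbew-style C2 requests in web proxy logs.

Added example, not part of the sandbox report. Paths come from the
extracted config; the piplog.php query regex is built from the
config's format string. Log lines below are constructed test data.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# URI paths from the extracted config. The host is deliberately ignored
# because the report shows it as the placeholder "f".
C2_PATHS = {"/wcmd.htm", "/ppslog.php", "/piplog.php"}

# printf conversion -> regex fragment. '%s' fields are opaque strings
# (bot id, OS tag, ...) so they match anything except the ':' separator.
_CONV = {
    "%s": r"[^:]+",
    "%i": r"-?\d+",
    "%09u": r"\d{9}",
    "%02d": r"\d{2}",
}


def format_to_regex(fmt: str) -> "re.Pattern[str]":
    """Turn a printf-style beacon template into an anchored regex."""
    parts = re.split(r"(%09u|%02d|%s|%i)", fmt)
    pieces = [_CONV[p] if p in _CONV else re.escape(p) for p in parts]
    return re.compile("^" + "".join(pieces) + "$")


# Template copied from the extracted piplog.php URL.
PIPLOG_RE = format_to_regex("%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d")


def classify_url(url: str) -> Optional[str]:
    """Return a verdict label for one request URL, or None if benign."""
    u = urlsplit(url)
    if u.path not in C2_PATHS:
        return None
    if u.path == "/piplog.php" and PIPLOG_RE.match(u.query):
        # Path and query shape both match: high-confidence beacon.
        return "berbew-piplog-beacon"
    # Known C2 path but no structured query: still worth a look.
    return "berbew-path-only"


def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Scan 'timestamp client method url status' lines; return (client, url, verdict)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        client, url = fields[1], fields[3]
        verdict = classify_url(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits


# Constructed proxy log: one structured beacon, one wcmd.htm fetch,
# one benign request, one piplog.php request with a non-matching query.
SAMPLE_LOG = [
    "1731234567.123 10.0.0.12 GET http://203.0.113.7/piplog.php?ab12cd:1:0:XP:000012345:2:14:05:09 200",
    "1731234568.001 10.0.0.12 GET http://203.0.113.7/wcmd.htm 200",
    "1731234570.500 10.0.0.40 GET http://example.com/index.html 200",
    "1731234571.200 10.0.0.12 GET http://203.0.113.7/piplog.php?foo=bar 404",
]

if __name__ == "__main__":
    for client, url, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:22s} {client:12s} {url}")
```

The split between `berbew-piplog-beacon` and `berbew-path-only` is intentional: `/wcmd.htm` and `/ppslog.php` are generic enough that a path match alone should be triaged rather than auto-blocked, whereas a query matching the full nine-field template is specific to this family's beacon format.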

Targets

    • Target

      f5501d9a7eba0c848292515abfed05ad2e6c9905f57511be38eb9d77f2afc5edN

    • Size

      448KB

    • MD5

      e03bf66065419675c0dfc0edfc2f5850

    • SHA1

      ebcf54373593272594ddda395bbd616e323859e5

    • SHA256

      f5501d9a7eba0c848292515abfed05ad2e6c9905f57511be38eb9d77f2afc5ed

    • SHA512

      ecfca841225c0921569abbc7bd1772d930bfcb4c97b6cc1fbe19be587dd7f06792eec75bdef921ef36ff1adc478d113dddb796a620205148db3a4341d26ba918

    • SSDEEP

      12288:GX8WrLWTeD2kY660fIaDZkY660f8jTK/h://3gsaDZgQjGh

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
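A host-side check for the persistence described by the "Adds autorun key to be loaded by Explorer.exe on startup" signature (added example, not code from the report). The report does not name the key; this code assumes it refers to the ShellServiceObjectDelayLoad (SSODL) key or the Winlogon `Shell` value, the two locations Explorer consults at startup, and it reads a `.reg` export so it runs offline. The export text, the CLSID `{11111111-2222-3333-4444-555555555555}`, the value name `ShellSvcHelper` and the DLL path are constructed placeholders, not indicators from the sample; the WebCheck CLSID in the baseline is the one normally present on a clean host, but build that set from a known-good image rather than trusting it here.

```python
"""Audit a .reg export for Explorer-loaded autorun entries.

Added example, not part of the sandbox report. Assumes the report's
"loaded by Explorer.exe on startup" signature means SSODL or the
Winlogon Shell value. The sample export and every identifier in it
are constructed for the demo.
"""
import re
from typing import Dict, List, Optional, Tuple

SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
             r"\CurrentVersion\ShellServiceObjectDelayLoad").lower()
WINLOGON_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\Winlogon").lower()

# Assumed clean baseline: WebCheck is the SSODL entry normally present.
BASELINE_SSODL = {"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=("(?:[^"\\]|\\.)*"|[^"]*)$')


def _unquote(s: str) -> str:
    """Strip quotes and undo the two escapes .reg uses in strings."""
    return s[1:-1].replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse keys and string values from .reg text (key paths lowercased)."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VAL_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unquote(m.group(1))
            value = m.group(2)
            keys[current][name] = _unquote(value) if value.startswith('"') else value
    return keys


def inproc_server(keys: Dict[str, Dict[str, str]], clsid: str) -> Optional[str]:
    """Resolve a CLSID to the DLL Explorer would load for it."""
    for root in ("HKEY_CLASSES_ROOT", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes"):
        k = keys.get(f"{root}\\CLSID\\{clsid}\\InProcServer32".lower())
        if k and "" in k:
            return k[""]
    return None


def find_explorer_autoruns(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (location, name, value, dll) for SSODL/Shell entries off baseline."""
    keys = parse_reg(text)
    findings = []
    for name, clsid in keys.get(SSODL_KEY, {}).items():
        if clsid.upper() not in BASELINE_SSODL:
            dll = inproc_server(keys, clsid) or "<no InProcServer32>"
            findings.append(("SSODL", name, clsid, dll))
    for name, value in keys.get(WINLOGON_KEY, {}).items():
        if name.lower() == "shell" and value.strip().lower() != "explorer.exe":
            findings.append(("WinlogonShell", name, value, ""))
    return findings


# Constructed export: one baseline SSODL entry, one added entry whose
# InProcServer32 points into System32, and an untouched Winlogon Shell.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"ShellSvcHelper"="{11111111-2222-3333-4444-555555555555}"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32]
@="C:\\Windows\\System32\\demo_dropped.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''

if __name__ == "__main__":
    for loc, name, value, dll in find_explorer_autoruns(SAMPLE_REG):
        print(f"{loc}: {name} = {value} -> {dll}")
```

Pairing the SSODL finding with its resolved InProcServer32 path is what ties this signature to the report's "Drops file in System32 directory" and "Loads dropped DLL" entries: a non-baseline CLSID whose DLL sits in System32 with an unfamiliar name is the artefact to collect and hash next.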

MITRE ATT&CK Enterprise v15

Tasks