General

  • Target: 2d2052661ec1a97dc7036491442a355e784fd5bd9e0a879d1803fa934a036bf8N
  • Size: 2.5MB
  • Sample: 241110-qc1s1szqgk
  • MD5: dc17c5dc108487e4ba22de51dae1ab40
  • SHA1: 921a61112397a6ac0686d06e83e8f6d851c48337
  • SHA256: 2d2052661ec1a97dc7036491442a355e784fd5bd9e0a879d1803fa934a036bf8
  • SHA512: ac4abb2a707441a42b9159cc20e62071da98cc3a715e5e07f3159da12af3669d823ee02e2ca34cf9c0c7f73bcfa749d61ed469f63d2da0ddc431ec6c8854c4f8
  • SSDEEP: 12288:8na0kY660JVaw0HBHOehl0oDL/eToo5Li2:z0gdVaw0HBFhWof/0o8

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks