General

  • Target

    dcc3570c348c7e9abc3b77c8074b19a54860b1bee48347d9f2377d701e76f165N

  • Size

    110KB

  • Sample

    241110-qjtnaaxgkg

  • MD5

    0383bc727fa42046c579b362643ab250

  • SHA1

    cd6f2fe6a880f71979a8aa9265dbe17dd82ffca7

  • SHA256

    dcc3570c348c7e9abc3b77c8074b19a54860b1bee48347d9f2377d701e76f165

  • SHA512

    051818193e59151c22675457fe1073e07ba67617a5b5b973ce7f2c71f558a98bad60b939a1d73793dc69debee9bb872b8abc47e7402662e9d3a2fa2b4e5b8bc6

  • SSDEEP

    3072:+9hwi8Ej6DgmOiYJqERtbRTLJiXSk6IXP:+DuJSUSk6k

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      dcc3570c348c7e9abc3b77c8074b19a54860b1bee48347d9f2377d701e76f165N

    • Size

      110KB

    • MD5

      0383bc727fa42046c579b362643ab250

    • SHA1

      cd6f2fe6a880f71979a8aa9265dbe17dd82ffca7

    • SHA256

      dcc3570c348c7e9abc3b77c8074b19a54860b1bee48347d9f2377d701e76f165

    • SHA512

      051818193e59151c22675457fe1073e07ba67617a5b5b973ce7f2c71f558a98bad60b939a1d73793dc69debee9bb872b8abc47e7402662e9d3a2fa2b4e5b8bc6

    • SSDEEP

      3072:+9hwi8Ej6DgmOiYJqERtbRTLJiXSk6IXP:+DuJSUSk6k

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks