General

  • Target

    d03c46a8ff3789de5335b9b6e055a2e93f626eae2732451945e65881a147c56fN

  • Size

    96KB

  • Sample

    241110-r29ynayjct

  • MD5

    c1aef24194e26dc1211020adc25c0db0

  • SHA1

    c3e5aa2aea67cd0afb8ae9746c61316c09c26684

  • SHA256

    d03c46a8ff3789de5335b9b6e055a2e93f626eae2732451945e65881a147c56f

  • SHA512

    124e4d1fe7341ad4f9f9f2d3ec4cb94a606712b8a488b88cb5762c92300b06a8ba459eac27141ec47aafbd71b440d4e9ed73bd74c37b46781e74d812864cdf94

  • SSDEEP

    1536:JxrvQfeYKD/jiQxme+TSqTsZTRWhYZnO4Wqcph4hrUQVoMdUT+irF:DLYZQwlTS1ZT4SnWqSyhr1Rhk

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
