General

  • Target

    cb89d1e8cd3bebe9e5e790d40f927c7caa7bb84a3126774d1a4555e5170bb7f9N

  • Size

    161KB

  • Sample

    241110-r2f1ksygme

  • MD5

    e0715d4c28ec7ce94e2d7bfc2e56af70

  • SHA1

    84cc57699fa8ca514b16d82de91f653887810b51

  • SHA256

    cb89d1e8cd3bebe9e5e790d40f927c7caa7bb84a3126774d1a4555e5170bb7f9

  • SHA512

    a40decbcbec75233ccda88f7d22f23c05d0805e1e17cb356661e763e051a6068ff7084b2c371650cc00d780cec23a862d510c713d294de3c6c58b1d21b7dc5b4

  • SSDEEP

    3072:Qj+8Ak90AYsj8dKbk5NipcDf3l8NigVJFtC2U2Vo/jbNkyVwtCJXeex7rrIRZK82:QS8Ak90AYsj8Mbk5NipcDf3gigVJFtCt

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      cb89d1e8cd3bebe9e5e790d40f927c7caa7bb84a3126774d1a4555e5170bb7f9N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks