General

  • Target

    d7188adca5b99e73fb357cef956d3d931de7ed26e405912901aaf01618162935N

  • Size

    290KB

  • Sample

    241110-r5nvlayjfy

  • MD5

    859d568ca22d5311cfeaa58ad4a22900

  • SHA1

    2c65bee229a24cbcf12b61035b24b7e304357b11

  • SHA256

    d7188adca5b99e73fb357cef956d3d931de7ed26e405912901aaf01618162935

  • SHA512

    f51b4919a48805316fedbc3d4af44110914e6ffe8820f31a090d95d46fcb0d4704fcc557ead528aa5c066b9abd4feb02248bb88a488c3052a4d25c4fb7f0cf15

  • SSDEEP

    6144:+H2wXdShJ2UmKyIxLDXXoq9FJZCUmKyIxL:A2KS+32XXf9Do3

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The host portion of all three entries is the single character "f", exactly as the config extractor recovered it, so it is not a resolvable hostname to block; the URI paths are the stable indicators. The third entry is a printf-style template rather than a literal URL: nine colon-separated fields (two strings, three signed integers, one zero-padded nine-digit unsigned value and three zero-padded two-digit values) are presumably filled in at runtime, so proxy logs should be searched for the path plus that field shape, not for the literal "%s" text.
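
As an added example (not code from the sandbox report or from the Berbew sample), the Python below turns the three extracted C2 URIs into a proxy-log hunt: it matches the paths on any host, converts the printf template of the piplog.php entry into a regex, and classifies piplog hits by whether the query has the expected nine-field shape. The Squid-style log lines, the IP addresses and the field contents ("PC-01", "jdoe", ...) are constructed for the example; the meaning of each beacon field is not given by the report, so only the shape is checked.

```python
"""
Hunt for the Berbew C2 URI shapes from the extracted config in HTTP proxy logs.

Added example, not code from the report or the sample. The C2 host in the
extracted config is an unusable "f", so this matches on the URI paths and on the
field shape of the piplog.php query, which the config gives as a printf template.
The log lines below are constructed (Squid access.log-like layout, documentation
IP ranges); they are not from any real capture.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote

# printf conversions present in the extracted template, rendered as regex.
# printf zero-pads to *at least* the given width, so %09u / %02d accept wider
# numbers too. %s is assumed not to contain ':' (it would break the field split).
PRINTF_TOKENS = {
    "%s": r"[^:\s&]*",
    "%i": r"-?\d+",
    "%09u": r"\d{9,}",
    "%02d": r"\d{2,}",
}
PIPLOG_TEMPLATE = "%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"  # from the extracted config


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Turn a printf template into an anchored regex, escaping the literal text."""
    parts, pos = [], 0
    for m in re.finditer(r"%(?:09u|02d|s|i)", template):
        parts.append(re.escape(template[pos:m.start()]))
        parts.append(PRINTF_TOKENS[m.group(0)])
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


BEACON_QUERY_RE = template_to_regex(PIPLOG_TEMPLATE)

# Path -> label. The host is deliberately ignored (any host); query handled below.
C2_PATHS = {"/wcmd.htm": "wcmd", "/ppslog.php": "ppslog", "/piplog.php": "piplog"}
URL_RE = re.compile(r"https?://[^/\s]+(/[^\s?]*)(?:\?(\S*))?")


@dataclass
class Hit:
    line_no: int
    url: str
    kind: str                           # wcmd | ppslog | piplog-beacon | piplog-other
    fields: Optional[List[str]] = None  # the nine beacon fields when the shape matched


def scan_log(lines: List[str]) -> List[Hit]:
    """Return every URL in the log whose path is one of the extracted C2 paths."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        for m in URL_RE.finditer(line):
            path, query = m.group(1), m.group(2)
            kind = C2_PATHS.get(path)
            if kind is None:
                continue
            fields = None
            if kind == "piplog":
                q = unquote(query or "")  # some clients/proxies percent-encode ':'
                if BEACON_QUERY_RE.match(q):
                    kind, fields = "piplog-beacon", q.split(":")
                else:
                    kind = "piplog-other"  # right path, wrong shape: still worth a look
            hits.append(Hit(n, m.group(0), kind, fields))
    return hits


# Constructed sample lines (Squid-style: ts elapsed client code/status bytes method url ...).
SAMPLE_LOG = [
    "1731240001.101 48 10.0.0.5 TCP_MISS/200 312 GET http://203.0.113.7/wcmd.htm - HIER_DIRECT/203.0.113.7 text/html",
    "1731240002.204 51 10.0.0.5 TCP_MISS/200 1432 GET http://203.0.113.7/index.html - HIER_DIRECT/203.0.113.7 text/html",
    "1731240003.330 62 10.0.0.5 TCP_MISS/200 12 GET http://203.0.113.7/ppslog.php - HIER_DIRECT/203.0.113.7 text/plain",
    "1731240004.412 57 10.0.0.5 TCP_MISS/200 12 GET http://203.0.113.7/piplog.php?PC-01:2:1:jdoe:000012345:0:14:05:09 - HIER_DIRECT/203.0.113.7 text/plain",
    "1731240005.518 44 10.0.0.9 TCP_MISS/404 0 GET http://198.51.100.3/piplog.php?page=2 - HIER_DIRECT/198.51.100.3 text/html",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        extra = f"  fields={h.fields}" if h.fields else ""
        print(f"line {h.line_no}: {h.kind:14} {h.url}{extra}")
```

The two fixed paths are short and generic enough to collide with unrelated sites, so treat a lone `/wcmd.htm` hit as a lead to pivot on (same client, same destination, a `piplog.php` beacon nearby) rather than as a verdict; a query matching the nine-field shape is the stronger signal.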

Targets

    • Target

      d7188adca5b99e73fb357cef956d3d931de7ed26e405912901aaf01618162935N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
