General

  • Target

    54c173cfec5091d160f19343a6390fc63c560172131eaa658c42ba97a8cd5aa7N

  • Size

    448KB

  • Sample

    241110-rt6k9syflf

  • MD5

    bde76f42a13592fb1517cb72f012d620

  • SHA1

    18bacd1e2361947cdc2e2bd0c10779e56e28ae97

  • SHA256

    54c173cfec5091d160f19343a6390fc63c560172131eaa658c42ba97a8cd5aa7

  • SHA512

    eb422dacf555b6f4bf4ac3f1e5c727c8f92d302c634fc67a4181bd09c0370d69431aba005e03e93f84defcfc9f31fb0ef4c2cd415f38d4fe00f9ab592ef3bb7c

  • SSDEEP

    6144:vUZwfJ7aOl3BzrUmKyIxLfYeOO9UmKyIxLiajOEjXP3HBsR4/0ePGSzxC:sZe7aOlxzr3cOK3TajRfXFMKNxC

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      54c173cfec5091d160f19343a6390fc63c560172131eaa658c42ba97a8cd5aa7N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
