General

  • Target

    4541d9bb02246b554067b4bf55ea71d75ba9e1ccce6bb5eb844bfb8619b46b30N

  • Size

    96KB

  • Sample

    241110-ssbvyazcmc

  • MD5

    a57353cdd5998d34a8139eff8c61b9d0

  • SHA1

    9b5d3ba40f899bd81f52c7700963373f3fc779d5

  • SHA256

    4541d9bb02246b554067b4bf55ea71d75ba9e1ccce6bb5eb844bfb8619b46b30

  • SHA512

    9b5d1d1cbf9adaab6f73efdd09e5e49e1cb6622fa0317e82c8dff557369e2ad198336ed1334f2aabc55e267af3d4e1fa8a75f69341e3873fc7f486d90db9acbe

  • SSDEEP

    1536:+mqnpc5n7Dyvo9jdrwb2DwIqedwpE6Mav8pMJ6+dvduV9jojTIvjrH:3qnpc57+var5DK9+havjJthd69jc0vf

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks