General

  • Target

    49ab5335e0345cfff68a95e007e89fb296eb1c95f7d82dd625996c38037c11a0N

  • Size

    90KB

  • Sample

    241110-syxdtszdmh

  • MD5

    8187a18d84fdd13c9c188a7d42f7c1a0

  • SHA1

    c8b210ce6317e110d3d7e0dbddb6e3ff7202deaa

  • SHA256

    49ab5335e0345cfff68a95e007e89fb296eb1c95f7d82dd625996c38037c11a0

  • SHA512

    306c81034118c0a29d66742be44923ca187e8245e2a59373efa2d6d08c448ee2706333c2fcf5b2a353a5d72e58be7eb081b4609e2d743720babf39ada142a33b

  • SSDEEP

    1536:HA6WkjBHB81djOvphtIYepX4Uc0gN842Z2JRLADKrUKGmu/Ub0VkVNK:pWvXOvphdFumRZbGmu/Ub0+NK

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks