General

  • Target: 3342b0e19037fc914f08a0667d3f97ca09f3776f689ffdf01ca168344e09eb98N
  • Size: 290KB
  • Sample: 241110-szn4vayphs
  • MD5: bbf3ef3e2a6bb02017fd8d3fbebe0e10
  • SHA1: 601df3b021576857e17d51a1477488b2955ae96e
  • SHA256: 3342b0e19037fc914f08a0667d3f97ca09f3776f689ffdf01ca168344e09eb98
  • SHA512: b9b4e3f1be8156a02de270f8766688c33dc3c90e59df822ceeb6f824ef673e55b75c0be8f39d412cf1c8f4165459bdb1863e4441ccf939e4e61918666236f92c
  • SSDEEP: 6144:DGQdcnJPAkY7tvUmKyIxLDXXoq9FJZCUmKyIxL:STRYh32XXf9Do3

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 3342b0e19037fc914f08a0667d3f97ca09f3776f689ffdf01ca168344e09eb98N
    • Size: 290KB
    • MD5: bbf3ef3e2a6bb02017fd8d3fbebe0e10
    • SHA1: 601df3b021576857e17d51a1477488b2955ae96e
    • SHA256: 3342b0e19037fc914f08a0667d3f97ca09f3776f689ffdf01ca168344e09eb98
    • SHA512: b9b4e3f1be8156a02de270f8766688c33dc3c90e59df822ceeb6f824ef673e55b75c0be8f39d412cf1c8f4165459bdb1863e4441ccf939e4e61918666236f92c
    • SSDEEP: 6144:DGQdcnJPAkY7tvUmKyIxLDXXoq9FJZCUmKyIxL:STRYh32XXf9Do3

    Signatures:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks