General

  • Target

    ebe2b2d95a3310c2b3d2b6c10d43f3ad492eac0d71d1d0180f89fa0dea3978bdN

  • Size

    368KB

  • Sample

    241110-t1wqrazhqk

  • MD5

    9fe399d34c2ca2ee97bb623fbac6d1f0

  • SHA1

    5ed3b421c4c0a25bbd45f35889c2a4a6e9b05511

  • SHA256

    ebe2b2d95a3310c2b3d2b6c10d43f3ad492eac0d71d1d0180f89fa0dea3978bd

  • SHA512

    ddb3fefc36b69d48dba2eec3c23286613ae75de8701def12bc4578b8b0bc75f7e5c4a709878ad759e2e9a91bcfe2d47991ce598ca11d25d294970fb1dc73f76f

  • SSDEEP

    6144:0D+btnX+a6ZQO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwHlGrh/tOz:0sZnQ/+zrWAI5KFum/+zrWAIAqWiO

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
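
The third C2 entry is a printf-style template (`%s`, `%i`, `%09u`, `%02d`) that the sample fills in before beaconing, so the extracted value can be turned into a detection for proxy logs. The script below is an added example written for this page, not code from the sandbox or from the Berbew sample: it converts each extracted template into a regular expression and runs it over a few constructed proxy log lines. The log format (timestamp, client, method, URL, status), the host `203.0.113.7`, the field values in the beacon, and the regex classes chosen for each conversion (`%s` as a string without `:`, width-0-padded integers as at least that many digits) are all assumptions; the meaning of the individual fields is not documented on the page, and the host `f` in the extracted config is treated as an unresolved placeholder, so matching is on path and query only.

```python
import re

# C2 URL templates exactly as extracted from the sample's config (copied from the report above).
BERBEW_C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion: optional flags, optional width, one of s/d/i/u.
_CONV_RE = re.compile(r"%(?P<flags>[-+ 0#]*)(?P<width>\d*)(?P<conv>[sdiu])")


def _conv_to_regex(m):
    """Map one printf conversion to a regex fragment (assumed equivalents, see lead-in)."""
    flags, width, conv = m.group("flags"), m.group("width"), m.group("conv")
    if conv == "s":
        return r"[^:?&\s]*"          # string field; assumed not to contain ':' (the separator)
    min_digits = int(width) if ("0" in flags and width) else 1   # %09u -> at least 9 digits
    sign = r"-?" if conv in "di" else ""                         # %d/%i may be negative, %u not
    return rf"{sign}\d{{{min_digits},}}"


def template_to_regex(template):
    """Compile a C2 URL template into a regex that fullmatches the request's path+query."""
    # "http://f/piplog.php?..." -> "piplog.php?..."; the host is an unresolved placeholder.
    path = template.split("/", 3)[3]
    parts, pos = [], 0
    for m in _CONV_RE.finditer(path):
        parts.append(re.escape(path[pos:m.start()]))   # literal text between conversions
        parts.append(_conv_to_regex(m))
        pos = m.end()
    parts.append(re.escape(path[pos:]))
    return re.compile(r"/" + "".join(parts) + r"$")


# Constructed proxy log (not real traffic): "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2024-11-10T10:12:01Z 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN-ABC12:1:0:user:000123456:2:11:10:10 200
2024-11-10T10:12:02Z 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200
2024-11-10T10:12:05Z 10.0.0.9 GET http://www.example.com/index.html 200
2024-11-10T10:12:07Z 10.0.0.9 POST http://203.0.113.7/ppslog.php 200
2024-11-10T10:12:09Z 10.0.0.12 GET http://203.0.113.7/piplog.php?notbeacon 404
"""


def find_berbew_beacons(log_text, templates=BERBEW_C2_TEMPLATES):
    """Return (line_no, client, url, template) for every request whose path+query
    matches one of the extracted C2 templates."""
    compiled = [(t, template_to_regex(t)) for t in templates]
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 5:
            continue                                  # malformed line, skip
        _ts, client, _method, url, _status = fields[:5]
        p = url.split("/", 3)
        path_query = "/" + (p[3] if len(p) > 3 else "")
        for t, rx in compiled:
            if rx.fullmatch(path_query):
                hits.append((n, client, url, t))
                break
    return hits


if __name__ == "__main__":
    for n, client, url, t in find_berbew_beacons(SAMPLE_PROXY_LOG):
        print(f"line {n}: {client} -> {url}  (template: {t})")
```

Only the `piplog.php` query shape is distinctive; `/wcmd.htm` and `/ppslog.php` are short paths that will collide with unrelated sites, so in production those two should be combined with host reputation, the sandbox's observed destination, or correlation with the `piplog.php` beacon from the same client rather than used as stand-alone alerts.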

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks