General

  • Target

    e14bb4b7f5aa05da2970d5bb1faa423746b60822d521db261a62a2eb5feadf60N

  • Size

    96KB

  • Sample

    241110-t31sgszmhw

  • MD5

    2027608025b52b238d204c9007c268d0

  • SHA1

    433f53a331fa997fe987c634ee24e2fcd188beb1

  • SHA256

    e14bb4b7f5aa05da2970d5bb1faa423746b60822d521db261a62a2eb5feadf60

  • SHA512

    958b97abdf1a9ffaf2c0082f618ecd2bb4ede6c7d553e8f32b148fc02ed0c3e0099a08e64e7a79f830bf52ea65be7ac705ff679d900a4fa8222ccbb354e036c4

  • SSDEEP

    1536:6KzCiCoYhNihhpXr8+t+ekPHTdXvLDVFsfYtduV9jojTIvjrH:6KeiCoYrUDI+cPzdX/YfYtd69jc0vf

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
